search

vercel / next.js

The React Framework
https://nextjs.org
MIT License
123.52k stars 26.35k forks source link

Middleware sometimes doesn't executes #58025

Open apuatcfbd opened 8 months ago

apuatcfbd commented 8 months ago

Link to the code that reproduces this issue

https://github.com/apuatcfbd/nextjs13-middleware-issue

To Reproduce

When using router.push middleware sometimes doesn't gets executed. The issue can be produced in the provided repo. There i'm intentionally using router.push instead of Link. The issue can be seen on my screencast too. https://drive.google.com/file/d/19-UsJ18vxEoAK5b8X-bm0KEZpcZqrRmU/view?usp=sharing

In there if you look at the terminal, first time the middleware was executed, then thats not executing, after I waited around 15-25 seconds, that started executing again everytime I visit the secure path which is under protection of the middleware. Is here i'm doing something wrong?

Current vs. Expected behavior

Current Behavior Middleware is not executing everytime route gets changed. Strangely it starts work normal after few seconds!

Expected Behavior Middleware should gets executed everytime route gets changed,

Verify canary release

Provide environment information

Operating System:
  Platform: linux
  Arch: x64
  Version: #37~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct  9 15:34:04 UTC 2
Binaries:
  Node: 20.4.0
  npm: 9.7.2
  Yarn: N/A
  pnpm: 8.10.2
Relevant Packages:
  next: 13.5.6
  eslint-config-next: 13.5.6
  react: 18.2.0
  react-dom: 18.2.0
  typescript: 5.2.2
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

Middleware / Edge (API routes, runtime)

Additional context

No response

erfanGharib commented 8 months ago

Hi, thanks for your report! 🙏 I checked this out and realized that this bug is only related to the app directory, not the pages. I'm going to work on fixing this. 👍

sophiedophie commented 7 months ago

Hey @erfanGharib can you give us some hint why this is happening? Or what is the ETA for this bug? Seriously we need to make sure middleware is executed every time. This is nonsense that middleware execution is not consistent

NickG-NZ commented 6 months ago

Following up. This is a critical bug, when can we expect a fix? We use middleware to protect routes (Next 13.5.4). We have consistently seen a situation where after logout the user can return to their "protected" account page via a link because the middleware isn't executed (verified by logging all calls to middleware).

umar-brackets commented 3 months ago

I am also facing the issue that on dev the middleware is called on each route specified in the matcher:[], it is all ok in dev but after creating a build of my next js 13.5 project the middle is not called on the path "/", except "/" middleware is called on every route in the build. Can anyone please guide me why there is a difference in calling middleware in dev and after creating the build?

Benjythebee commented 2 weeks ago

According to the docs https://nextjs.org/docs/app/api-reference/functions/use-router; router.push is solely client side and therefore won't execute server-side request (Which includes the middleware);

Unless I'm mistaken?

RubensKj commented 2 weeks ago

Hello everyone! I was wondering if we have some updates on this bug??

sophiedophie commented 2 weeks ago

@Benjythebee But then here, if you see the video attached on the top, sometimes you see the 'Middleware ran' console message even the navigation happened from router.push. It sounds valid that middleware only triggered for server-side request, then router.push triggers server-side request...?

mickythompson commented 5 days ago

We encountered this middleware bug in Next.js v14.2.4. The issue is that the middleware doesn't always execute as expected. Specifically, we've noticed that it works on the first visit to a specific path, but not on subsequent visits during the same session. As the original author pointed out, temporary solutions like waiting for approximately 15 seconds or forcing a browser refresh can be used.

My specific use case involves checking if the user has verified their email address before allowing them to access a certain route (e.g., /app). Additionally, we need to check if the user is an administrator before allowing them to access another route (e.g., /admin). While we could manually implement these checks on each page, using middleware provides a simpler solution.