Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setSession cannot be used in a multi-tab situation (v2) #441

Closed
GaryAustin1 opened this issue Sep 15, 2022 · 1 comment
Closed

setSession cannot be used in a multi-tab situation (v2) #441

GaryAustin1 opened this issue Sep 15, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@GaryAustin1
Copy link

GaryAustin1 commented Sep 15, 2022
edited
Loading

Bug report

Describe the bug

With two or more tabs running with a shared refresh token from localStorage, setSession will get a new refresh token and invalidate the first shared token if after the reuse window. Then the 2nd tab will try and refresh with the original shared token and get 400 error. This will invalidate all tokens and clear localStorage.

To Reproduce

This is run in two tabs, refreshing the 2nd tab 20 seconds or so after starting, so that it staggers the setSession after the reuse window.

var supabase = supabase.createClient(SUPABASE_URL, SUPABASE_KEY)

async function app () {
    const {data: sessionData} = await supabase.auth.getSession()
    if (!sessionData.session) {
        const {data} = await supabase.auth.signInWithPassword({
                email: 'myemail',
                password: 'mypassword'
        )
    }
           //run setSession after reuse window
    if (sessionData.session) {
        console.log('sessionData', sessionData,sessionData.session.refresh_token)
                setTimeout(function () {
                    supabase.auth.setSession(sessionData.session.refresh_token).then(data => {
                        console.log('set Session',data.data.session.refresh_token)
                    })
                }, 15000)
    }
    const { data: listener } = supabase.auth.onAuthStateChange(
        async (event, session) => {
            console.log(event, session)
        })

Expected behavior

Either document you can't use setSession in a multitab environment or handle refresh token changes like in v1 (or similar method).

Screenshots

image

  1. tab1 starts
  2. tab1 runs setSession 15 seconds later
  3. tab2 starts 11 seconds later
  4. tab 2 runs setSession 15 seconds later (this uses up the shared token)
  5. tab 1 runs timer refresh 24 seconds later with invalid now token

System information

Javascript
supabase-js-2.0.0-rc.10

Additional context

Add any other context about the problem here.
@GaryAustin1 GaryAustin1 added the bug Something isn't working label Sep 15, 2022
@hf
Copy link
Contributor

hf commented Dec 30, 2022

I believe this will also be taken care of with #564.

@hf hf closed this as completed Dec 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hf @GaryAustin1