firebase-js-sdk icon indicating copy to clipboard operation
firebase-js-sdk copied to clipboard
verified publisher icon firebase

auth.setPersistence(browserLocalPersistence) is not idempotent: wipes previous browser local storage

Open rikbrown opened this issue 2 months ago • 2 comments

Operating System

macOS 26/various Ubuntu

Environment (if applicable)

Next.js 15/Node

Firebase SDK Version

11.9.0

Firebase SDK Product(s)

Auth

Project Tooling

Next.js 15, Typescript, Node

Detailed Problem Description

tl;dr: auth.setPersistence is not idempotent and this is not documented correctly. Calling setPersistence(browserLocalPersistence) will wipe any previous local storage sessions. Do not call this method during init if you just want the status quo of local persistence.

Our app uses a shared Firebase app wrapper with two modes depending on the application consuming that wrapper. One of them uses Firebase Auth purely to acquire a session token (so uses in memory persistence), the other actually uses local Firebase storage.

Our code was running this as part of init:

await auth.setPersistence(
  env.NEXT_PUBLIC_FIREBASE_PERSIST ? browserLocalPersistence : inMemoryPersistence
)

We assumed, that because browserLocalStorage is the default, and furthermore on a re-init was being used by previous initialisations, that calling setPersistence with the exact same setup would be idempotent.

This isn't the case: each time the app inits, the locally stored auth is wiped out. This is very evident if we opened an instance of our app in a new tab. The new tab reinitialises (cold start), wipes the store and continues happily. However, any previous tab - listening to the old store - now loses its state and thinks it is logged out.

This is undocumented and IMO dangerous (certainly was for us). I found this note in the docs at https://firebase.google.com/docs/auth/web/auth-state-persistence:

If the user was previously signed in using local persistence with multiple tabs opened and then switches to none or session persistence in one tab, the state of that tab will be modified with the user persisted in session or none and on all other tabs, the user will be signed out.

However, this does not imply that setting to the exact same auth would cause a sign out.

Steps and code to reproduce issue

  • Initialise firebase
  • Add the snippet to explicitly set auth to browser local
  • Open in one tab, log in
  • Open in a new tab. Observe first tab loses state.

rikbrown avatar Oct 14 '25 22:10 rikbrown

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

google-oss-bot avatar Oct 14 '25 22:10 google-oss-bot

We are noticing the exact same behavior. Using v12.4.0, and we are invoking setPersistence(autth, browserLocalPersistence).

oconnorjoseph avatar Oct 15 '25 18:10 oconnorjoseph