auth-helpers icon indicating copy to clipboard operation
auth-helpers copied to clipboard

Published 20 hours ago verified publisher icon supabase

[supabase/ssr] Auth token chunking broken

Open bombillazo opened this issue 6 months ago • 0 comments

Bug report

  • [x] I confirm this is a bug with Supabase, not with my own application.
  • [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

In a Next.JS application, when the user JWT access token is too large, the supabase auth library splits it into sections and sends it in the cookies in the following manner:

sb-project-auth-token.0
sb-project-auth-token.1
...
sb-project-auth-token.n

These cookies are randomly deleted from the browser storage, which causes auth issues in the application. We have not identified the cause, but it happens when the JWT is split into multiple cookies.

To Reproduce

  1. Create a user in your auth table and add a large dummy raw_user_meta_data JSON object
  2. In a next page, add the SSR createBrowserClient
  3. Login
  4. Check the cookies panel in your browser and look for sb-project-auth-token.0
  5. Navigate around the page, refresh or wait a while
  6. Cookies are randomly deleted

Expected behavior

Cookies are kept in memory until a signout event happens or the cookies are cleared manually.

System information

  • Browser (if applies) Firefox
  • Version of supabase-js: 2.39.3

Additional context

We are using the Next.js framework

bombillazo avatar Feb 05 '24 21:02 bombillazo