supabase-js icon indicating copy to clipboard operation
supabase-js copied to clipboard
verified publisher icon supabase

fix(auth): clear local storage on signOut when session is already missing

Open 7ttp opened this issue 1 month ago • 1 comments

Summary

Fixes signOut throwing AuthSessionMissingError and leaving stale session data in local storage when the session was already invalidated from another device.

Problem

When a user signs out globally from one device, all sessions are invalidated on the server. If the user then tries to call signOut() from a second device, the method throws AuthSessionMissingError and returns early without clearing the local storage. This leaves the client in a broken state with stale session data.

Solution

Handle AuthSessionMissingError in _signOut by:

  1. Not returning early when sessionError is AuthSessionMissingError
  2. Ignoring AuthSessionMissingError from admin.signOut alongside existing 404/401/403 handling

This ensures local storage is always cleared when signOut is called, regardless of server-side session state.

Related

Closes https://github.com/supabase/supabase-js/issues/1616

7ttp avatar Jan 16 '26 18:01 7ttp

Coverage Status

coverage: 80.901% (-0.02%) from 80.916% when pulling b4b6c45f81102d73a934d1006f0040a2d899e2a0 on 7ttp:fix/signout-clear-storage-on-missing-session into 188b83f58fc03e9aa151e1e62c7794e9477c41cc on supabase:master.

coveralls avatar Jan 16 '26 18:01 coveralls