supabase-js icon indicating copy to clipboard operation
supabase-js copied to clipboard

Published 20 hours ago verified publisher icon supabase

supabase.auth.getSession is slow

Open lauri865 opened this issue 1 year ago • 2 comments

Bug report

  • [ x ] I confirm this is a bug with Supabase, not with my own application.
  • [ x ] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

supabase.auth.getSession() can take anywhere from 20ms up to 100ms on a fast processor (M2 Pro) when invoked e.g. during an initial page rendering phase. This feels way too slow for a function that doesn't do any network calls.

For comparison, a custom function I mocked up that reads the cookie, parses accessToken and returns the JWT as an object (json.parse+base64decode+json.parse) takes around 0.3-0.4ms under the same load, and is similarly performant during idle and rendering phase.

Benchmarks (rough): During rendering phase:

  1. Custom JWT decode: <0.4ms
  2. await supabase.auth.getSession(): ~50ms

Idle phase:

  1. Custom JWT decode: <0.4ms (very stable and predictable)
  2. await supabase.auth.getSession(): 0.8-1.7ms (significantly better, but all over the place even during an idle phase)

Given the above, it's unlikely that it's caused by anything specific to my app, since the custom implementation doesn't slow down at all during rendering phase vs. idle phase.

To Reproduce

  1. Run the below code e.g. when rendering a React component
console.time("getSession");
const { data, error } = await supabase.auth.getSession();
console.timeEnd("getSession");
  1. Refresh the page

Expected behavior

Under 1ms performance for a function that is doing simple local processing..

Screenshots

If applicable, add screenshots to help explain your problem.

System information

  • OS: macOS
  • Browser (if applies) Chrome
  • Version of supabase-js: latest
  • Version of Node.js: 20

Additional context

What's worse, it's similarly slow even when there's no cookie present.

lauri865 avatar Feb 08 '24 19:02 lauri865

Just checked the implementation - could it be due to the locking mechanism? It's a bit unclear (to an outsider) why the function as a whole needs locks? Refresh session, sure, perhaps not the session fetching part.

I imagine it's often used for client-side route protections, etc. Which just adds an unnecessary delay to page renders and delay before data fetching starts.

lauri865 avatar Feb 08 '24 20:02 lauri865

Just noticed the same thing here! Meanwhile this is fixed, can you share your JWT implementation pls ?

Thx

MatthewDlr avatar Apr 27 '24 14:04 MatthewDlr