
Persistent warning in console: "Using the user object as returned from supabase.auth.getSession()... could be insecure"

Open simon-marcus opened this issue 1 year ago • 0 comments

Hi folks,

I'm coming across this console warning for any navigation in any logged-in route:

Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() 
events could be insecure! This value comes directly from the storage medium (usually cookies on the server) 
and many not be authentic. Use supabase.auth.getUser() instead which authenticates the data by 
contacting the Supabase Auth server.

Typically the warning is repeated multiple times, badly clogging up the console. I'm aware that some folks on the Supabase side are evaluating this here and here, but I haven't yet been able to get any of the fixes to work.

I've used this template in several incarnations, and it's really excellent—thanks for the amazing work.

simon-marcus, May 28 '24 14:05
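Added example, not part of the issue and not code from the template or from supabase-js: why the warning distinguishes the `user` object read from storage from one derived from a verified token. Assumptions: the cookie is shown as plain constructed JSON, the token is an HS256 JWT, and a local HMAC check stands in for the round trip that `getUser()` makes to the Auth server; `signJwt`, `verifiedUser` and `storedUser` are hypothetical helper names.

```javascript
const crypto = require("node:crypto");

// Assumption: HS256 signing secret known only to the Auth server (constructed value).
const JWT_SECRET = "constructed-demo-secret";
const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", JWT_SECRET).update(data).digest();

// Hypothetical stand-in for the Auth server issuing an access token.
function signJwt(claims) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(mac(`${head}.${body}`))}`;
}

// Hypothetical stand-in for the check behind getUser(): only a token whose
// signature and expiry hold yields a user; the stored `user` field is ignored.
function verifiedUser(session, now = Math.floor(Date.now() / 1000)) {
  const [head, body, sig] = String(session.access_token).split(".");
  if (!head || !body || !sig) return null;
  const given = Buffer.from(sig, "base64url");
  const expected = mac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  return { id: claims.sub, role: claims.role };
}

// What the warning describes: trusting `user` as read from the storage medium.
const storedUser = (cookieValue) => JSON.parse(cookieValue).user;

// Constructed sample data.
const genuine = {
  access_token: signJwt({ sub: "user-123", role: "authenticated", exp: 4102444800 }),
  user: { id: "user-123", role: "authenticated" },
};
// The cookie lives on the client, so its unsigned `user` field can differ from the token.
const editedCookie = JSON.stringify({ ...genuine, user: { ...genuine.user, id: "user-999" } });
// A token whose payload was changed after signing keeps the old signature.
const [h, , s] = genuine.access_token.split(".");
const editedToken = `${h}.${b64url(JSON.stringify({ sub: "user-999", exp: 4102444800 }))}.${s}`;

console.log("stored user id:  ", storedUser(editedCookie).id);
console.log("verified user id:", verifiedUser(JSON.parse(editedCookie)).id);
console.log("edited token:    ", verifiedUser({ access_token: editedToken }));
```

For authorization decisions in server code, the identity to rely on is the one that survives verification, which is the distinction the warning text draws between `getSession()` and `getUser()`.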