Giter Club home page Giter Club logo

Comments (3)

charislam avatar charislam commented on September 26, 2024 1

Hi @ThomasBurgess2000, the point of this is to make sure server components that are called downstream have the updated cookies. Otherwise they may see a stale JWT and attempt to refresh it themselves, but since the JWT has already been refreshed by the middleware, Supabase Auth will interpret this as a potentially malicious actor trying to reuse a refresh token and log the user out.

You can see that the updated request, with the new cookie header, is passed to NextResponse.next.

response = NextResponse.next({
  request: {
    headers: request.headers,
  },
})

from supabase.

ThomasBurgess2000 avatar ThomasBurgess2000 commented on September 26, 2024

Interesting, what you're saying makes sense, but we actually had the opposite experience.

We copied the docs, and had an issue where the user would be logged out every hour (when the JWT expired, and a refresh was attempted).

Removing

request.cookies.set({
            name,
            value,
            ...options,
          })
          response = NextResponse.next({
            request: {
              headers: request.headers,
            },
          })

leaving just

let response = NextResponse.next({
    request: {
      headers: request.headers,
    },
  });

  const supabase = createServerClient<Database>(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        get(name: string) {
          return request.cookies.get(name)?.value;
        },
        set(name: string, value: string, options: CookieOptions) {
          response.cookies.set(name, value, options);
        },
        remove(name: string, options: CookieOptions) {
          response.cookies.set(name, "", options);
        },
      },
    },
  );

fixed this for us.

But now I'm not sure why that worked.

from supabase.

ThomasBurgess2000 avatar ThomasBurgess2000 commented on September 26, 2024

seems this issue might be related supabase/ssr#36

from supabase.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.