Comments (9)
The SvelteKit steps are updated - they call getSession()
first, and if null
then they return such and do not invoke getUser()
. However, Next docs do not appear to show this.
Check a user's session with getSession() while not logged in, you get the warning.
Which framework are you having this issue with?
from auth-js.
I'm using SvelteKit, but it doesn't matter which Framework you use, as you cannot call getSession
first due to the _saveSession problem mentioned above.
If there is no session, you will get the warning always.
J
from auth-js.
I'm using SvelteKit, but it doesn't matter which Framework you use, as you cannot call
getSession
first due to the _saveSession problem mentioned above.If there is no session, you will get the warning always.
J
Ok, thanks. I assumed that's what you used, based on past interactions.
I ask because I'm using SvelteKit, but I don't have that specific issue when there's no one logged in. Do you have a repro?
from auth-js.
Did you look at the core code and do you see the problem? Are you using getSession
before getUser
?
I can make a repo if necessary, but all you have to do is follow the SvelteKit guide.
The NextJS guide doesn't use getSession
, which means you have to call the extra fetch with getUser
.
from auth-js.
Hmm... I have a test repo that follows the SvelteKit guide, here, but I never see logs unless there is a logged-in user.
from auth-js.
I will check my repo when I get home from work.
However, if there is a logged-in user, why are you still seeing the logs unless it is fixed? If you're seeing it once, it will run multiple times due to how hooks.server.ts
works in Svelte.
J
from auth-js.
Yep, it logs multiple times for me. But only when there's a user logged in.
If I read your description correctly, you're also having issues when a user isn't logged in, correct?
P.S. When auth-js v2.64.3 drops, it will limit the logs; which isn't a great consolation, but makes it a bit less annoying.
from auth-js.
Yep, it logs multiple times for me. But only when there's a user logged in.
I just checked my app on my home project, and it seems I jumped the gun. The warning is only shown when logged in. After re-looking at this code, I believe I see how this is possible on this line.
That means SvelteKit has the correct idea to use getSession()
first, while NextJS is fetching needlessly. The NextJS Tutorial should be updated to call getSession()
first, and only call getUser()
when there is a session to verify. Again, extra fetches can be costly, even for Supabase.
P.S. When auth-js v2.64.3 drops, it will limit the logs; which isn't a great consolation, but makes it a bit less annoying.
- When will auth-js v2.64.3 drop?
- What do you mean limit the log? Shouldn't it ONLY be displayed when a user is calling it incorrectly (not verifying a session)?
J
from auth-js.
I'm not sure about the version timeline. Likely this week.
The limit should keep things calmer. But we're never gonna get rid of it with the current state of SvelteKit and the Supabase ssr layout.ts cookie storage for SvelteKit.
The warning needs to die, but that likely won't happen until Supabase comes out with asymmetric jwts. I hope it happens at that point; or as silentworks suggested: at least don't log it in production.
from auth-js.
Related Issues (20)
- `GoTrueClient` Memory Leak HOT 24
- No recovery email sent after sign up a second time after provider login HOT 1
- Error: Permission denied to access property "then" for Firefox Extensions HOT 1
- supabase.auth.signInWithIdToken() authunknownerror when used on real ios device
- Add missing 'is_anonymous' property to the User type
- Can't get rid of getUser() warning HOT 121
- "User with this email not found" error when using generateLink HOT 9
- Google OAuth doesn't work in Safari with next-js-auth-helpers HOT 1
- New, unsigned in user can not be deleted from supabase console. HOT 1
- [email protected] breaks client auth with edge functions HOT 15
- New error code is missing in error object
- user object warning logged, even when not touching `session.user` HOT 21
- Security and performance risk with `getUser` and `getSession` HOT 6
- Global supabase.auth.signOut() doesn't fire the "SIGNED_OUT" event for onAuthStateChange in other instances where a user is logged in HOT 5
- Current session lost when auth function call fails
- `getSession` should validate the session with the JWT_SECRET HOT 2
- getAuthenticatorAssuranceLevel() triggers "getSession() could be insecure" warnings HOT 1
- PKCE flow issue with other than supabase `code` query in URL
- Still having getSession warning whenever _saveSession is called HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth-js.