Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Current session lost when auth function call fails #904

Closed
2 tasks done
bombillazo opened this issue May 9, 2024 · 1 comment
Closed
2 tasks done

Current session lost when auth function call fails #904

bombillazo opened this issue May 9, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@bombillazo
Copy link
Contributor

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Currently, the client logic calls _removeSession to clear the session when doing an auth call. If the call fails, the existing session is never restored and is lost, effectively disconnecting the user session.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Create a supabase client and log in
  2. Call an auth function with invalid parameters
  3. Get the client session

Expected behavior

The existing client session is kept in the event of a fail.

System information

  • Version of supabase-js: 2.64.2
@bombillazo bombillazo added the bug Something isn't working label May 9, 2024
@bombillazo bombillazo mentioned this issue May 9, 2024
Merged
@kangmingtay kangmingtay mentioned this issue Jun 5, 2024
Merged
kangmingtay added a commit that referenced this issue Jun 7, 2024
@kangmingtay
fix: don't call removeSession prematurely (#915)
e0dc518 
## What kind of change does this PR introduce?
* Replaces #854 
* Fixes #853, #904 
* We don't need to remove the existing session prematurely. This causes
some issues when users want to implement some sort of switch-account
functionality since the existing session will always be removed
regardless of whether the signup / sign-in attempt succeeds.
* It's safe to remove `_removeSession` since calling `_saveSession`
multiple times will just replace the existing session
@bombillazo
Copy link
Contributor Author

This was closed with #915

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bombillazo