New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Next13/App directory]: Root layout requires refresh for middleware to detect session with signInWithPassword() #393
Comments
This issue was not a bug in either supabase or nextjs. This is expected behavior of the
This fix is to prevent prefetching which defeats the purpose of using or the better solution, prevent middleware preflight cache:
|
@hjaber can you share how you implemented the x-middleware-cache header? My implementation doesn't work:
|
No luck either. I ultimately didn't think it was an elegant solution to rerun middleware on every single route change so I decided not to continue this path. For now, I reverted back to a provider context until vercel adds read/write cookies with server components. Or a better way to cache the auth in server components. |
Bug report
After authenticating with
signInWithPassword()
, you must refresh the page for middleware to pick up the session.The example repo in the supabase auth helpers does not require a refresh because it utilizes an
<a>
instead of<Link> from "next/link"
.<a>
will force the root layout to refresh on navigating while<Link>
does notI believe that
signInWithPassword()
is not an OAuth redirect method, so I thought the server should be able to access the session immediately. See @thorwebdev's comment regarding OAuth (redirect methods).If this is not the case, please close my issue.
To Reproduce
Clone this repo or follow the docs to create a Next.js 13 with the app directory. Login in with
signInWithPassword()
and then navigate using a<Link>
to a route protected by middleware/required-session
Expected behavior
After logging on with
signInWithPassword()
, middleware should be able to detect the session without refreshing the root layout. Middleware cannot auth guard APIs or protected routes unless the user manually refreshes. A benefit of Nextjs.13 app directory, is to avoid refreshes so data is cached.Screenshot
auth.middleware.mov
System information
"@supabase/auth-helpers-nextjs": "^0.5.2"
"@supabase/supabase-js": "^2.1.1"
next": "13.0.6"
The text was updated successfully, but these errors were encountered: