We are having a problem where login just gets stuck and times out.
The Supabase JS client (@supabase/auth-js) uses navigator.locks.request()
internally for all auth operations. This lock can enter a "zombie" state where
it's never released — particularly on mobile/PWA, after tab backgrounding, or
after process kills. When this happens, every call through the Supabase
client hangs forever: signInWithPassword(), getSession(), setSession(),
database queries — all of them.
For our build, both /admin/login and /employer/login call supabase.auth.signInWithPassword().
This method internally calls _request() (the actual HTTP call, which works
fine) but then calls _saveSession() and _notifyAllSubscribers() which go
through the lock. If the lock is stuck, the call never resolves and the
spinner spins forever.
The 30-second Promise.race timeout in employer login should catch this, but
the underlying problem remains — even if the timeout fires, the Supabase
client is still frozen for all subsequent operations.
Even if login somehow succeeds:
- EmployerGate calls supabase.functions.invoke('get-employer-access') — hangs
on frozen client
- useAdmin calls fetch() directly (works), but AdminLayout also uses
useSupabaseAuth which relies on onAuthStateChange — may never fire if client
is frozen
- Dashboard pages query supabase.from('employers').select(...) — hangs on
frozen client
- getStoredSession() in authStorage.ts only recognizes {currentSession: ...}
or {session: ...} wrapper format, not the direct session format the Supabase
client actually stores — so on reload, it can't find the session
Does anyone know of a fix for this?
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- Go to '…'
- Click on '…'
- Scroll down to '…'
- See error
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
- OS: [e.g. macOS, Windows]
- Browser (if applies) [e.g. chrome, safari]
- Version of supabase-js: [e.g. 6.0.2]
- Version of Node.js: [e.g. 10.10.0]
Additional context
Add any other context about the problem here.
We are having a problem where login just gets stuck and times out.
The Supabase JS client (@supabase/auth-js) uses navigator.locks.request()
internally for all auth operations. This lock can enter a "zombie" state where
it's never released — particularly on mobile/PWA, after tab backgrounding, or
after process kills. When this happens, every call through the Supabase
client hangs forever: signInWithPassword(), getSession(), setSession(),
database queries — all of them.
For our build, both /admin/login and /employer/login call supabase.auth.signInWithPassword().
This method internally calls _request() (the actual HTTP call, which works
fine) but then calls _saveSession() and _notifyAllSubscribers() which go
through the lock. If the lock is stuck, the call never resolves and the
spinner spins forever.
The 30-second Promise.race timeout in employer login should catch this, but
the underlying problem remains — even if the timeout fires, the Supabase
client is still frozen for all subsequent operations.
Even if login somehow succeeds:
on frozen client
useSupabaseAuth which relies on onAuthStateChange — may never fire if client
is frozen
frozen client
or {session: ...} wrapper format, not the direct session format the Supabase
client actually stores — so on reload, it can't find the session
Does anyone know of a fix for this?
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Add any other context about the problem here.