Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session cookie updated in middleware not accessible in server component #11853

Open
nphmuller opened this issue Sep 16, 2024 · 6 comments
Open

Session cookie updated in middleware not accessible in server component #11853

nphmuller opened this issue Sep 16, 2024 · 6 comments
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Comments

@nphmuller
Copy link

nphmuller commented Sep 16, 2024
edited
Loading

Environment


 System:
   OS: macOS 14.6.1
   CPU: (10) arm64 Apple M1 Pro
   Memory: 47.84 MB / 32.00 GB
   Shell: 5.9 - /bin/zsh
 Binaries:
   Node: 20.13.0 - ~/.nvm/versions/node/v20.13.0/bin/node
   npm: 10.8.3 - ~/.nvm/versions/node/v20.13.0/bin/npm
   pnpm: 9.10.0 - ~/Library/pnpm/pnpm
   bun: 1.0.30 - /opt/homebrew/bin/bun
 Browsers:
   Chrome: 128.0.6613.138
   Safari: 17.6
 npmPackages:
   next: ^14.2.2 => 14.2.7
   next-auth: 5.0.0-beta.20 => 5.0.0-beta.20
   react: ^18 => 18.3.1

Reproduction URL

nphmuller/repro-middleware-cookie@d3082fd

Describe the issue

When updating the session cookie in the jwt callback (for example when refreshing an access token) using middleware, the updated session cookie is not available in a server component that gets rendered next, resulting in the access token being refreshed twice.

How to reproduce

nphmuller/repro-middleware-cookie@d3082fd contains a full repro, but this is the gist:

Update the token in the jwt callback like this: (this simulates a token that is valid for 10 seconds)

     if (
         !token.refreshedAt ||
         addSeconds(token.refreshedAt, 10) < new Date()
       ) {
         console.log("refreshing token....")
         token.refreshedAt = new Date()
       }

Make sure next-auth is called via a middleware (already the default in next-auth-example).

Now run nom run dev and open the main page.

Expected behavior

The console output refreshing token.... should be printed once, but it's printed multiple times.

This happens because the new session cookie with the refreshed token, created in the middleware, is not passed to the server component.
@nphmuller nphmuller added bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels Sep 16, 2024
@nphmuller nphmuller mentioned this issue Sep 16, 2024
Closed
3 tasks
@nphmuller
Copy link
Author

Opened PR with an initial solution that works functionally, but I'm not sure if the implementation is acceptable. #11854

@nphmuller
Copy link
Author

Ah, it seems there was a PR opened already recently with a solution for this problem... #11829

@EvgeniyKumachev
Copy link

Having same issue

@Rikard-Johansson97
Copy link

I have the same problem also, if someone finds an fix please tag me

@ath88
Copy link

ath88 commented Oct 9, 2024

Sounds like the same problem mentioned in this issue, which is more than 1.5 years old: #6642

There are a few suggested workarounds, see eg. this: #9715 (comment)

@petriaarnio

This comment has been minimized.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Forward cookies set in middleware to next part of request routing nphmuller/next-auth
5 participants
@ath88 @petriaarnio @nphmuller @EvgeniyKumachev @Rikard-Johansson97