Hi, I'm using the

auth-helpers

for NextJS and not sure if my issue is a bug or expected behavior. The app is a simple todo list with authentication. But once I'm signed-in and if I sign out in another tab, I'm still able to write to the table by creating new todos in the first tab. Is this expected?

Hello @sbr! This thread has been automatically created from your message in #843999948717555735 a ``few seconds ago``. Pinging @User so that they see this as well! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ... menu) and select Leave Thread to unsubscribe from future updates. Want to change the title? Use the

/title

command! We have solved your problem? Click the button below to archive it.

I believe at present, with the way the auth helpers work, localstorage isn't being used to track auth state. So with Nextjs when you sign out, an API route function is clearing your cookies, but that doesn't clear the session state in your React clients. Meaning the React client in your other tab still has it's auth keys, which are still valid for making requests to the Supabase services.

Able to write even after sign-out

so I would start by investigating the auth helpers source to verify if that's true, after which it might be worth exploring ways to sync the client context across browser tabs

@User I looked at the code and your absolutely right about how

auth-helpers

work. Cookies instead of localstorage is being used to store the credentials so

onAuthStateChanged()

doesn't trigger in all pages even when the auth state has changed

@sbr can you clarify what you mean with updated user object? The user object is cached via the access-token-cookie. If you want to get the actual current user object state (e.g. after updating user metadata etc) you will need to call

getUser()

Maybe can you outline what you're trying to do? Might be easier to point you in the right direction then.

Hey @User , this is what I'm trying to do with auth-helpers in my app - User is authenticated and navigates to page "a" - Page "a" gets the user object by

const {user, error} = useUser()

- User goes to page "b" and then logs out of the app My question is, should page "a" refresh/update since we have the

useUser()

hook in page "a" and the state would have changed? I presumed that since

setUser(user=null)

gets called on user logout https://github.com/supabase-community/supabase-auth-helpers/blob/next/src/react/components/UserProvider.tsx#L58 and

useUser()

gives us the user context https://github.com/supabase-community/supabase-auth-helpers/blob/next/src/react/components/UserProvider.tsx#L115, page "a" should update/refresh when the user logs out

maybe that react context provider should be tracking it's state in local storage and subscribe to events on when that value changes, so that it can sync the user session in the client across browser tabs. Not sure how you'd accomplish that, but could be an approach to investigate

Yes @User, that could be done too. But is the reason the useUser() hook not updating the page because of a bug?

well, I don't think there's any navigation events inside of that hook, so a change in auth state wouldn't cause it to navigate away or anything.. All I see in the implementation is that there's a useEffect hook that triggers anytime there's a navigation event, which re-fetches the user session from the server. Let's say pages

a

and

b

are in separate tabs. Navigating from

a

to

b

triggers the useUser hook to refetch the session. But there's nothing about what's happening in tab

b

that will cause tab

a

to re-render, much less trigger a refresh of the useUser hook. So it's not a bug, the current implementation just isn't built to have the behavior you're expecting out of it

Yes, exactly. automatically logging users out across different open tabs is not something I see enough value in to justify usage of localStorage. @sbr feel free to outline why you think this is so crucial.