Hello wewebers! I currently have big troubles and I would appreciate your help!
I think this error comes from Supabase not refreshing the user session.
What is the error(s):
When I try fetching data from WeWeb that has RLS on the auth.id ( (( SELECT auth.uid() AS uid) = id))
Does not work after 1 hour (I think session expired)
Error in the logs (here for fetching data only visible by a user based on a join table):
name: "Error"
code: "22P02"
details: null
hint: null
message: "invalid input syntax for type uuid:
Error when fetching profiles: there are RLS to only allow a user based on his id to select (so no filters on the fetch) and it returns nothing, causing big errors in my global flows!
When I go in the Supabase auth plugin, I however have "user isAuthenticated : true". But the expires_at value is old (was 20 min aged).
My clue is it comes from Supabase & RLS!
Also, weirdest: I tried using the Supabase extension "Refresh Session" and the error logged:
name: "Error"
stack: "Error: Auth session missing! at Object.refreshSession (https://cdn.weweb.io/components/1fa0dd68-5069-436c-9a7d-3b54c340f1fa/124a427e-c801-484e-aa3f-3f1863963fa5/dist/manager.js:1:160863) at async S (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:434002) at async I (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:418550) at async I (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:418815) at async L (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:417070)"
message: "Auth session missing!"
cause
__isAuthError: true
name: "AuthSessionMissingError"
status: 400
code: undefined
AND: "fetch user" returns a success…
Anyone has a clue? It causes huge trouble and I had to take my app offline!
I could disable the RLS but it is really bad for my use case…
Hi @Philibert, I empathize with you; my project has that same EXACT issue. Very annoying.
I am sure the WeWeb team will fix it eventually. But pending that, here's how I solved it. My app is Enterprise B2B. So if yours is similar, it might work.
My solution was to insert "refresh token session" actions at the end of every single workflow. Since it's a small price to pay, but it ensures your token never gets too old to the point where it's unable to work. So, tab nav, button click, EVERYTHING ends with a token refresh. Supabase doesn't limit how much you can refresh a token anyways, plus it ensures the token is never older than a few seconds to minutes at most.
I CLEARLY told my users that the way my app works is that if they are inactive for more than 15 minutes my server logs them out. And when it does that they simply need to hit the logout button and re-login again.
So most times when they themselves run into the "bug" they remember the 15 minutes rule I told them and just do it without complaining.
Now in my own case this works because my use case is a high-security one, so they appreciate getting logged out after brief periods of inactivity, especially since logging back in is quick and painless.
Unfortunately, in my case, I cannot log out users like that, and adding the "refresh session" is not enough (would still need to log out users, like you do)
I really require high speed and no crash (and if this part fails/crashes, it messes up my whole app)
It really is a shame. For how long have you been experiencing this? It really is a big issue being the base of an app…
@Broberto @Joyce sorry to bother you guys but do you have any clues?
Well in my case I noticed the issue from development, before launch. So I kept thinking of the best way to fix it.
I think logging users out after inactivity is a feasible solution. Many app users understand that behavior and you simply spin it as a security measure.
The session time out issue only occurs if the app is not being actively used to fetch data. That, I am pretty certain about.
If your users are using the app actively, clicking, fetching data etc. it doesn't time them out (at least that's been my experience)
Simply craft a painless way for them to log in. Perhaps instead of having "login" only happen on your login page, bring it everywhere in a modal widget. There are no optimal solutions as far as I can tell to the issue so you'll need to figure a workable business solution.
Just for some encouragement, my project has now gone into its 3rd different country and of course there are occasional issues from time to time, but the need to login after 10-15 minutes of inactivity is not one of them. Users stick around if they understand why something is happening.
Hello, I think you guys could check at different intervals via a global workflow that the token / session is valid, and if it's not, then just refresh, right?
I thought about making an on app load workflow that refreshed the session every 15 minutes (with a while loop), but I don't really like it.
Also, as @AgentD said, it happens after inactivity… Therefore I think the workflow would not run.
About refreshing if timed out, the issue is that if I try to refresh I have the error:
```
name: "Error"
stack: "Error: Auth session missing! at Object.refreshSession (https://cdn.weweb.io/components/1fa0dd68-5069-436c-9a7d-3b54c340f1fa/124a427e-c801-484e-aa3f-3f1863963fa5/dist/manager.js:1:160863) at async S (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:434002) at async I (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:418550) at async I (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:418815) at async L (https://editor-cdn.weweb.io/public/js/index.c1838562.js:1:417070)"
message: "Auth session missing!"
cause
__isAuthError: true
name: "AuthSessionMissingError"
status: 400
code: undefined
```
I really do not know what to do ...
[UPDATE]: Hey there! I have been running tests reducing the token validity in Supabase to reproduce the bug.
Possible:
1. Disable the RLS that bothers me (but won't solve everything since the user session is not valid)
2. Make a global workflow on app load, while true refresh session, wait 15 min (won't solve it if user is not active?… will make the app heavier)
3. => Increase the token validity to 1 day/1 week/month? (not so safe? but could help a lot, I could add logic to refresh it like option 2, to make sure the token is renewed when session is active)
4. Add on all workflows: if token expires at < date.now, refresh session (does not work so well because it can't find the session)
5. => Add a backend logic to refresh the token every 15 minutes like a CRON job (I think it is not possible to do it in the backend and should be done front-side but it would be the best)
6. Try the "supabase.auth.startAutoRefresh()" - example in React Native here: JavaScript API Reference | Supabase Docs - I'm not sure it would change a thing
PS: Also remember my issue: it does not refresh but says the user is authenticated (RLS issue); if inactive for like 1 day then I am logged out
To me, options 3 and 5 would be the best, any clues?
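An added example (not posted by anyone in this thread, and not WeWeb's or Supabase's own code) of the "check expires_at, refresh, otherwise ask for login" guard from option 4, including the "Auth session missing!" case. It assumes `auth` exposes supabase-js v2's `getSession()` and `refreshSession()`; `decideSessionAction`, `ensureFreshSession` and `makeFakeAuth` are hypothetical names, and the fake client is constructed so the code runs offline.

```javascript
// Added example: session guard to run before any RLS-protected fetch.
// Assumption: `auth` behaves like supabase-js v2 `supabase.auth`.

// Pure decision on the locally stored session (expires_at is Unix seconds).
function decideSessionAction(session, nowSeconds, skewSeconds = 60) {
  if (!session || !session.refresh_token) return "reauth"; // nothing to refresh with
  if (typeof session.expires_at !== "number") return "refresh"; // unknown expiry
  // Refresh slightly early so a request never leaves with a token about to expire.
  return session.expires_at - nowSeconds <= skewSeconds ? "refresh" : "ok";
}

async function ensureFreshSession(auth, nowSeconds = Math.floor(Date.now() / 1000)) {
  const reauth = { status: "reauth", session: null };
  let stored;
  try {
    const { data, error } = await auth.getSession();
    if (error) return reauth;
    stored = data.session;
  } catch {
    return reauth;
  }

  const action = decideSessionAction(stored, nowSeconds);
  if (action === "ok") return { status: "valid", session: stored };
  if (action === "reauth") return reauth;

  try {
    const { data, error } = await auth.refreshSession();
    // Covers AuthSessionMissingError and a revoked or expired refresh token:
    // fail closed and ask for login instead of fetching with a stale token.
    if (error || !data || !data.session) return reauth;
    return { status: "refreshed", session: data.session };
  } catch {
    return reauth; // some wrappers throw instead of returning { error }
  }
}

// Constructed fake standing in for supabase.auth (sample data, not real tokens).
function makeFakeAuth(stored, refreshResult) {
  return {
    getSession: async () => ({ data: { session: stored }, error: null }),
    refreshSession: async () => refreshResult,
  };
}
```

Call the guard before RLS-protected fetches and when the tab becomes visible again after inactivity; on `reauth`, show the login form instead of firing the fetch.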