magiclabs/magic-js

magic.user.isLoggedIn() - Safari loses session

vitalii-andriiovskyi opened this issue ยท 3 comments

โœ… Prerequisites

  • Did you perform a cursory search of open issues? Is this bug already reported elsewhere?
  • [ ] Are you running the latest SDK version?
  • Are you reporting to the correct repository (magic-sdk)?

๐Ÿ› Description

We use magic.user.isLoggedIn() to identify is a customer logged in or not. Usually when the code calls isLoggedIn(), the request has the endpoint https://api.magic.link/v3/auth/user/info/retrieve?auth_user_id=... and we get the correct answer. But when a customer closes Safari browser and opens it, the request is different. The endpoint is https://auth.magic.link/v1/session/refresh. It always ends with that the session is lost.
The same result we have while just refreshing the page in Chrome in incognito mode (however it's really rear).

Here is the screencast with this: https://drive.google.com/file/d/1zZgbOuztC5Zm-HcN-Tdxw7v2KIYD75EE/view?usp=sharing

The main question here is: is this behaviour correct? If so, how do we have to deal with this?

๐Ÿงฉ Steps to Reproduce

$ git clone git@github.com:vitalii-andriiovskyi/example-jwt-issue.git
$ cd example-jwt-issue
$ mv .env.local.example .env.local // enter your Magic API keys
$ yarn install
$ yarn dev

See screencast https://drive.google.com/file/d/1zZgbOuztC5Zm-HcN-Tdxw7v2KIYD75EE/view?usp=sharing

๐Ÿค” Expected behavior

The session is saved and a user has no need to log in again

๐Ÿ˜ฎ Actual behavior

request https://auth.magic.link/v1/session/refresh
response

{
    "data": {},
    "error_code": "auth_relayer/UNABLE_TO_REFRESH_SESSION",
    "message": "Unable to refresh user session. Please log in using the magic link flow to enable session persistence.",
    "status": "failed"
}

๐Ÿ’ป Code Sample

https://github.com/vitalii-andriiovskyi/example-jwt-issue
I forked it from https://github.com/magiclabs/example-jwt

๐ŸŒŽ Environment

Software Version(s)
magic-sdk 8.1.1
Browser Safari 16.6 (18615.3.12.11.2)
yarn 1.22.19
Operating System macOS - 13.5.1 (22G90)
Software Version(s)
magic-sdk 8.1.1
Browser Chrome Version - 116.0.5845.140 (Official Build) (x86_64)
yarn
Operating System MacOS

Hello @vitalii-andriiovskyi ,

The error from the /refresh endpoint indicates that the user is not logged in and does not have a valid session.

If the user has a valid session there will be a call made to the /retrieve endpoint.

Privacy focused browsers may clear cache and lose the session, especially in an incognito/private tab.

Here's a code sandbox that you can use to observe the behavior: https://q1jqo1.csb.app
You can sign in with one of the Auth methods and then call isLoggedIn User method to see if the user is logged in.
Please note that in the sandbox I linked refreshing the page does not lose the session in Safari or Chrome browser, and refreshing the page will lose session in a private/incognito tab. If you're using Braves you may lose session on refresh with Brave Shields enabled.

Hi @vitalii-andriiovskyi ,

I will close this issue now. Please feel free to create a new issue or follow up here if you believe this issue is not yet resolved.

Thank you!

Hi @am-hernandez

Thanks you for explaining how it works.