magic.user.isLoggedIn() - Safari loses session
vitalii-andriiovskyi opened this issue · 3 comments
Prerequisites
- Did you perform a cursory search of open issues? Is this bug already reported elsewhere?
- [ ] Are you running the latest SDK version?
- Are you reporting to the correct repository (`magic-sdk`)?
Description
We use `magic.user.isLoggedIn()` to identify whether a customer is logged in or not. Usually when the code calls `isLoggedIn()`, the request has the endpoint `https://api.magic.link/v3/auth/user/info/retrieve?auth_user_id=...` and we get the correct answer. But when a customer closes the Safari browser and opens it, the request is different. The endpoint is `https://auth.magic.link/v1/session/refresh`. It always ends with the session being lost.
We have the same result when just refreshing the page in Chrome in incognito mode (however, it's really rare).
Here is the screencast with this: https://drive.google.com/file/d/1zZgbOuztC5Zm-HcN-Tdxw7v2KIYD75EE/view?usp=sharing
The main question here is: is this behaviour correct? If so, how do we have to deal with this?
Steps to Reproduce
```bash
$ git clone git@github.com:vitalii-andriiovskyi/example-jwt-issue.git
$ cd example-jwt-issue
$ mv .env.local.example .env.local  # enter your Magic API keys
$ yarn install
$ yarn dev
```
See screencast https://drive.google.com/file/d/1zZgbOuztC5Zm-HcN-Tdxw7v2KIYD75EE/view?usp=sharing
Expected behavior
The session is saved and a user has no need to log in again
Actual behavior
request https://auth.magic.link/v1/session/refresh
response
```json
{
  "data": {},
  "error_code": "auth_relayer/UNABLE_TO_REFRESH_SESSION",
  "message": "Unable to refresh user session. Please log in using the magic link flow to enable session persistence.",
  "status": "failed"
}
```
Code Sample
https://github.com/vitalii-andriiovskyi/example-jwt-issue
I forked it from https://github.com/magiclabs/example-jwt
Environment
Software | Version(s) |
---|---|
magic-sdk | 8.1.1 |
Browser | Safari 16.6 (18615.3.12.11.2) |
yarn | 1.22.19 |
Operating System | macOS - 13.5.1 (22G90) |

Software | Version(s) |
---|---|
magic-sdk | 8.1.1 |
Browser | Chrome Version - 116.0.5845.140 (Official Build) (x86_64) |
yarn | |
Operating System | MacOS |
Hello @vitalii-andriiovskyi,
The error from the `/refresh` endpoint indicates that the user is not logged in and does not have a valid session.
If the user has a valid session there will be a call made to the `/retrieve` endpoint.
Privacy-focused browsers may clear cache and lose the session, especially in an incognito/private tab.
Here's a code sandbox that you can use to observe the behavior: https://q1jqo1.csb.app
You can sign in with one of the Auth methods and then call the `isLoggedIn` User method to see if the user is logged in.
Please note that in the sandbox I linked refreshing the page does not lose the session in Safari or Chrome browser, and refreshing the page will lose session in a private/incognito tab. If you're using Brave you may lose session on refresh with Brave Shields enabled.
I will close this issue now. Please feel free to create a new issue or follow up here if you believe this issue is not yet resolved.
Thank you!
Thank you for explaining how it works.
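
Added example, not part of the thread or of the Magic SDK: one way for an app to fail closed when `magic.user.isLoggedIn()` can no longer confirm a session, for instance after the failed `/refresh` call shown above. `resolveAuthState`, `makeStubMagic`, the state names and the assumption that a failed refresh may surface as a rejection carrying the error code are hypothetical; only `magic.user.isLoggedIn()` and the error code come from the page.

```javascript
// error_code quoted in the issue's /refresh response
const REFRESH_FAILED = "auth_relayer/UNABLE_TO_REFRESH_SESSION";

// Ask the SDK on every page load instead of reusing a cached "logged in" flag:
// the browser may have dropped the session since that flag was stored.
async function resolveAuthState(magic) {
  try {
    const loggedIn = await magic.user.isLoggedIn();
    return loggedIn === true
      ? { state: "authenticated", reason: "ok" }
      : { state: "login_required", reason: "no_valid_session" };
  } catch (err) {
    // Assumption: the SDK may reject with an error carrying the relayer code.
    const code = err && (err.error_code || err.code);
    if (code === REFRESH_FAILED) {
      return { state: "login_required", reason: "refresh_rejected" };
    }
    // Unknown failure (network, blocked storage): still deny, but allow a retry.
    return { state: "login_required", reason: "check_failed", retryable: true };
  }
}

// Constructed stand-in for the SDK object so the example runs offline.
function makeStubMagic(behaviour) {
  return {
    user: {
      isLoggedIn: async () => {
        if (behaviour instanceof Error) throw behaviour;
        return behaviour;
      },
    },
  };
}

// Four constructed cases: valid session, lost session, rejected refresh, network error.
async function demo() {
  const refreshError = Object.assign(new Error("Unable to refresh user session."), {
    error_code: REFRESH_FAILED,
  });
  return Promise.all(
    [true, false, refreshError, new Error("network")].map((b) =>
      resolveAuthState(makeStubMagic(b))
    )
  );
}

demo().then((results) => console.log(results.map((r) => `${r.state}:${r.reason}`)));
```

Only the first case yields `authenticated`; every other outcome routes the user back to the login flow rather than trusting earlier client-side state.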