Skip to content

feat: introduce experimental split user and session storage #1023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 4, 2025
Merged

feat: introduce experimental split user and session storage #1023

merged 7 commits into from
Jun 4, 2025

Conversation

hf
Copy link
Contributor

@hf hf commented Jan 16, 2025

A common complaint when using Supabase in SSR is that the cookie size is huge. Some server configurations are not able to use such large cookies.

A major contributor to cookie size is that the user object is stored alongside the access and refresh tokens. This object should not be used on the server but nevertheless has to exist to make this library happy.

This change introduces the ability for this library to store the user object in a separate storage location. For now it's experimental mode to be proofed before being widely adopted.

How does it work?

You can initialize the client by passing in a new option userStorage in addition to the already existing and optional storage option. By default userStorage is not set and a single storage is used for all elements of the session (including user property).

If userStorage is set, all future changes to the session will write the user there, and the rest of the session object to storage.

Unsolvable Problems

Say you set up the client like so:

new GoTrueClient(URL, {
  // ...
  storage: cookieStorage,
  userStorage: window.localStorage,
})

On the server, the cookies -- obviously -- will not contain the user object. Because the Session type defines user: User as non-nullable, attempting to access a property on this object will throw an exception. Instead you should always call getUser() to fetch a trusted and fresh user object. This problem will be solved in v3 of this library.

Testing

This PR can be used to test this PR before merging. Merging should be safe as this is opt-in behavior for now.

@hf hf mentioned this pull request Jan 16, 2025
Open
@hf hf force-pushed the hf/introduce-split-session-and-user-storage branch from b9b1d39 to 6d757c8 Compare January 16, 2025 14:51
@hf hf force-pushed the hf/introduce-split-session-and-user-storage branch from 6d757c8 to a924a9d Compare January 16, 2025 15:04
cemalkilic
cemalkilic reviewed Jun 3, 2025
View reviewed changes
hf
hf commented Jun 3, 2025
View reviewed changes
@cemalkilic cemalkilic force-pushed the hf/introduce-split-session-and-user-storage branch from 34fcef0 to 33848e3 Compare June 3, 2025 12:55
@hf hf merged commit e7b2f21 into master Jun 4, 2025
6 of 7 checks passed
@hf hf deleted the hf/introduce-split-session-and-user-storage branch June 4, 2025 07:57
@github-actions github-actions bot mentioned this pull request Jun 4, 2025
Merged
@cemalkilic cemalkilic mentioned this pull request Jun 5, 2025
Merged
@hf hf mentioned this pull request Jun 6, 2025
Merged
hf added a commit that referenced this pull request Jun 6, 2025
@hf
fix: handle null current session with split session storage (#1071)
bc6192a 
Due to bad typing the `null` case of a missing session when using the
`userStorage` option introduced in #1023 caused a crash.
hf pushed a commit that referenced this pull request Jul 14, 2025
@github-actions
chore(master): release 2.71.0 (#1070)
c6cee20 
🤖 I have created a release *beep* *boop*
---


##
[2.71.0](v2.70.0...v2.71.0)
(2025-07-10)


### Features

* fallback to `getUser()` if the `kid` of the JWT is not found
([#1080](#1080))
([9721f60](9721f60))
* introduce experimental split user and session storage
([#1023](#1023))
([e7b2f21](e7b2f21))
* make `getClaims()` non experimental, add global cache
([#1078](#1078))
([ffe13d7](ffe13d7))
* remove solana dependency by inlining types
([#1079](#1079))
([7665f94](7665f94))


### Bug Fixes

* handle null current session with split session storage
([#1071](#1071))
([bc6192a](bc6192a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@cemalkilic cemalkilic mentioned this pull request Jul 17, 2025
Merged
hf pushed a commit that referenced this pull request Jul 17, 2025
@cemalkilic
fix: use JSON-based deep clone instead of structuredClone (#1084)
9a6edb9 
Not all JS runtimes support `structuredClone` (introduced in
#1023). (Example:
supabase/supabase-js#1504)

- As the session data is safe to JSON serialize, replace
`structuredClone` use with JSON de/serialize.
- Added the helper function to increase the readability (making the
intent clear).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cemalkilic cemalkilic cemalkilic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hf @cemalkilic