Convex Auth session keeps dying
Hi,
My app session keeps dying out of nowhere. It happens ~daily (interestingly, usually happens at the same time as on the Convex Dashboard).
Most of the time I open the browser (Arc) and both my app and Convex Dashboard are logged out, so I re-sign-in on both. Sometimes it happens while I'm using it (did just now).
When it happens, both JWT and refreshToken are still set on localStorage (3rd image). I see nothing on server logs besides my queries suddenly rejecting auth.
I've been trying to understand session duration behavior for a while but I feel I'm kinda lost. Any advice would be appreciated.
auth.ts
auth.config.ts
29 Replies
My goal is to keep users signed-in indefinitely like social media apps.
I think @erquhart is slowly becoming a world expert on this issue. He might have something to add
When you open your app and it's on the sign in screen, have you tried refreshing without signing in?
The client can get into a state where it believes it's not authenticated, and is sending requests with an old token, which can happen for a few reasons (which I'm looking into). When this happens, refreshing the browser fixes the client auth state. If you can confirm whether this works for you, that'll help narrow down.
The Convex dashboard is a separate thing, let's troubleshoot your app specifically here.
I'm 99% sure I did, but will try again to get 100%
ofc!
I mentioned it because since I sign-in to both of them almost simultaneously and they usually break together, it might have the same root cause?
just worth noting
Just to check -- the error in your logs looks an awful lot like https://docs.convex.dev/auth/debug#ctxauthgetuseridentity-returns-null-in-a-query
Which means you're calling a query that requires auth without gating it behind an <Authenticated> component (or the convex/react useConvexAuth hook).
Every time your app opens, the Convex client needs to propagate the auth stored in your client to the Convex server before it can run any functions that require auth (that's what the <Authenticated> component is for). This has to happen regardless of whether the auth information in your client (in this case, in local storage) is valid and up to date or not.
Just going off of logs, this looks like it could be a case where the auth state is always valid and up to date, but we're just calling the queries too early before the convex server has been given time to receive the auth state.
that's not the case @sshader
those calls are 100% happening inside <Authenticated/>
logs look like that because the query I'm using throw new Error('Task not found') if no user was found through getAuthUserId()
all authenticated queries first call this
if this one throws, the whole thing purposefully fails
the behaviour I see is:
- I make the page active
- Some data was stale, so it fetches
- fetch fails because getAuthUserId did not return
then it gets redirected to <Unauthenticated>
> those calls are 100% happening inside <Authenticated/>
Cool this is the thing I wanted to confirm -- because if there were any calls outside of an Authenticated component, that would be consistent with everything you've shared so far (but mean that auth is getting updated correctly)
Let me know if you're able to confirm this. There are a number of race conditions where the convex client will change its state to unauthenticated, but the user actually has a valid token. Refreshing in these cases will take you to an authenticated state. I haven't yet encountered an auth bug where the user is actually logged out unexpectedly and stays logged out after a refresh.
hi, literally just happened
this is before refreshing
I was inspecting server logs, when I switched tabs it was on the <Unauthenticated> route. No client-side logs, server-logs just as previously shared
the refreshToken is just gone somehow
JWT was still valid
But when you refreshed, was it logged in?
also you can set verbose: true on the convex react client to get more logs
The token still being valid tells me this was a client state issue
no
oh, nice tip, will try
I got this! Any tips? 😬
And after this is the user logged out, or does the session silently die?
It goes straight into <Unauthenticated> route
Haven't seen this happen unexpectedly, need to find a way to repro. Is this specifically happening to a browser tab that has been in the background for some period of time, or on fresh load?
randomly
rarely on fresh load
but sometimes I'm using it
and it suddenly breaks
Huh. I wonder if this is related to the issue I'm having. About every other time I hard reload my page, my queries will throw Unauthenticated.
I'm logged in for all of these, just hitting CMD-R
Ahh! I think this just solved the problem for me:
https://docs.convex.dev/auth/debug#ctxauthgetuseridentity-returns-null-in-a-query
yeah, definitely not my case
anyone know what the "reuse window" would be?
a client's refresh token can mostly just be used once, it's used to get a new JWT and a new refresh token.
But there's an exception, in case the client tried to use the refresh token but then died or disconnected. The refresh token is allowed to be used for 10 extra seconds, that's the reuse window.
@igor9silva we're actively looking at this bug, or at least one that's very similar
nice, thanks for letting me know
I found that prop today, tried increasing to see if something changes
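Added example (not from the thread and not Convex Auth's code): a small TypeScript model of the refresh-token rotation and 10-second reuse window described in the replies above. The SessionStore class, the token format, and the choice to revoke the session when an old token is replayed after the window are assumptions made for illustration; the thread does not say what happens in that case.

```typescript
// Model of refresh-token rotation with a reuse window (illustration only).
// Assumptions, not Convex Auth's code: SessionStore, the token format, and
// revoking the session when a token is replayed after the window.
const REUSE_WINDOW_MS = 10_000; // the 10 extra seconds described in the thread

type Status = "ok" | "unknown_token" | "session_revoked" | "reused_outside_window";
type RefreshResult = { status: Status; jwt?: string; refreshToken?: string };
type RefreshRecord = { sessionId: string; firstUsedAt: number | null };

class SessionStore {
  private tokens = new Map<string, RefreshRecord>();
  private revoked = new Set<string>();
  private counter = 0;
  private now: () => number; // injectable clock keeps the demo deterministic

  constructor(now: () => number) { this.now = now; }

  // Constructed, predictable ids for the demo; real tokens must be random.
  signIn(sessionId: string): string {
    const token = `rt_${++this.counter}`;
    this.tokens.set(token, { sessionId, firstUsedAt: null });
    return token;
  }

  refresh(token: string): RefreshResult {
    const rec = this.tokens.get(token);
    if (!rec) return { status: "unknown_token" };
    if (this.revoked.has(rec.sessionId)) return { status: "session_revoked" };
    const t = this.now();
    if (rec.firstUsedAt === null) {
      rec.firstUsedAt = t; // first use starts the reuse window
    } else if (t - rec.firstUsedAt > REUSE_WINDOW_MS) {
      this.revoked.add(rec.sessionId); // assumed: late replay ends the session
      return { status: "reused_outside_window" };
    }
    // Rotation: every accepted use hands out a fresh JWT and refresh token.
    return { status: "ok", jwt: `jwt_${rec.sessionId}_${t}`, refreshToken: this.signIn(rec.sessionId) };
  }
}

function demo(): Status[] {
  let clock = 0;
  const store = new SessionStore(() => clock);
  const rt1 = store.signIn("s1");
  const first = store.refresh(rt1); // normal rotation at t=0
  clock = 5_000;
  const retry = store.refresh(rt1); // retry after a lost response: allowed
  clock = 20_000;
  const late = store.refresh(rt1); // stale copy replayed after the window
  const next = store.refresh(first.refreshToken ?? ""); // newest token, same session
  return [first, retry, late, next].map((r) => r.status);
}
```

In this model a single late replay of an old refresh token ends the session for the holder of the newest token as well.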