fix(backend): Fix issue with FAPI suffixed cookies disabled
For production instances that use the latest ClerkJS and backend
SDKs if the FAPI suffixed cookies are disabled, in every page
refresh a handshake is triggered.
To fix this we should use the un-suffixed cookies when the suffixed
session exists but the suffixed client_uat does not exist.
dimkl committed Jul 23, 2024
1 parent 2446503 commit aef391c
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions packages/backend/src/tokens/authenticateContext.ts
Expand Up @@ -213,6 +213,14 @@ class AuthenticateContext {
}
}

// In case of incorrectly setup suffixed cookies (session exists but client_uat missing)
// let's use the un-suffixed cookies to keep the existing behavior.
// This case can be reproduced for production instances when new ClerkJS and backend SDK
// are used but the FF in FAPI is disabled
if (!suffixedClientUat && suffixedSession) {
return false;
}

return true;
}
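
Review bot: The new `if (!suffixedClientUat && suffixedSession)` branch tests truthiness rather than presence, so an empty-string or numeric-zero `suffixedClientUat` would also count as "missing" and route the request to the un-suffixed cookies. If only an absent cookie should trigger the fallback, compare against `undefined` explicitly. The commit changes a single file, so nothing exercises this branch; a test that supplies a suffixed session without a suffixed client_uat and asserts the `false` return would pin the behaviour. The "FF" in the comment should be spelled out, and because this is a compatibility fallback in the path that picks which cookies are trusted, the comment should also state the condition under which it can be removed.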
