Persistent warning in console: "Using the user object as returned from supabase.auth.getSession()... could be insecure" #343

Open
simon-marcus opened this issue May 28, 2024 · 0 comments

@simon-marcus

Hi folks,

I'm coming across this console warning for any navigation in any logged-in route:

Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() 
events could be insecure! This value comes directly from the storage medium (usually cookies on the server) 
and many not be authentic. Use supabase.auth.getUser() instead which authenticates the data by 
contacting the Supabase Auth server.

Typically the warning is repeated multiple times, badly clogging up the console. I'm aware that some folks on the supabase side are evaluating this here and here, but I haven't yet been able to get any of the fixes to work.

I've used this template in several incarnations, and it's really excellent—thanks for the amazing work.
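
The distinction the warning draws, as an added example that is not part of the original issue, the template, or the Supabase code base: a user object read straight from a cookie can be edited by the client, while identity derived from a verified token cannot. The cookie layout, `JWT_SECRET`, and all helper names are assumptions made for illustration, and the local HMAC check stands in for the round trip to the Auth server that `supabase.auth.getUser()` performs.

```javascript
// Added example with constructed data; not Supabase's implementation.
const crypto = require('node:crypto');

// Assumption: HS256 signing key known only to the auth server.
const JWT_SECRET = 'constructed-demo-secret';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Stand-in for the auth server issuing an access token (HS256 JWT).
function issueToken(claims) {
  const body = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.createHmac('sha256', JWT_SECRET).update(body).digest('base64url');
  return `${body}.${sig}`;
}

// Stand-in for the server-side check: returns verified claims, or null.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = crypto.createHmac('sha256', JWT_SECRET).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Payload is parsed only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) return null;
  return claims;
}

// Pattern the warning is about: trust the user object found in storage.
function userFromStorage(cookieValue) {
  return JSON.parse(cookieValue).user;
}

// Safer pattern: ignore the stored user object, use only verified claims.
function userFromVerifiedToken(cookieValue) {
  const claims = verifyToken(JSON.parse(cookieValue).access_token);
  return claims ? { id: claims.sub, role: claims.role } : null;
}

// Constructed session cookie as the auth server would have set it.
const exp = Math.floor(Date.now() / 1000) + 3600;
const token = issueToken({ sub: 'user-123', role: 'authenticated', exp });
const genuineCookie = JSON.stringify({ access_token: token, user: { id: 'user-123', role: 'authenticated' } });
// Constructed tampered cookie: the unsigned user object was edited client-side.
const tamperedCookie = JSON.stringify({ access_token: token, user: { id: 'user-999', role: 'service_role' } });

console.log('from storage: ', userFromStorage(tamperedCookie));
console.log('from verified:', userFromVerifiedToken(tamperedCookie));
```

Authorization decisions on the server should be based on the second function's result; the first is only suitable for non-sensitive display hints.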
