Multiple simultaneous log in to the same account

Hi! I have on my platform an impersonation feature that admins can use to log as a user. So on the same account, a user and an admin can be connected

If the Admin then clicks "Log out" it is also logging out the user! I'd like to make the logout to work only by session and not killing everyone. I am using NextJS 15 with Suapabase SSR and here is my code :

// auth.ts ==> Server action
export async function logout() {
    const supabase = await createClient()
    const { error } = await supabase.auth.signOut()

    if (error) {
        redirect(`/error?message=${encodeURIComponent(error.message)}`)
    }

    revalidatePath('/', 'layout')
    redirect(URL.HOME)
}

// auth.ts ==> Server action
export async function logout() {
    const supabase = await createClient()
    const { error } = await supabase.auth.signOut()

    if (error) {
        redirect(`/error?message=${encodeURIComponent(error.message)}`)
    }

    revalidatePath('/', 'layout')
    redirect(URL.HOME)
}

// auth.ts ==> Server action
export async function logout() {
    const supabase = await createClient()
    const { error } = await supabase.auth.signOut()

    if (error) {
        redirect(`/error?message=${encodeURIComponent(error.message)}`)
    }

    revalidatePath('/', 'layout')
    redirect(URL.HOME)
}

// auth.ts ==> Server action
export async function logout() {
    const supabase = await createClient()
    const { error } = await supabase.auth.signOut()

    if (error) {
        redirect(`/error?message=${encodeURIComponent(error.message)}`)
    }

    revalidatePath('/', 'layout')
    redirect(URL.HOME)
}

// dropdown.ts ==> User dropdown, client component triggering the logout
logout: () => {
    logout().then(() => API.supabase.auth.signOut()) // First logout is calling the Server action, then it's about killing the session on client side
}

// dropdown.ts ==> User dropdown, client component triggering the logout
logout: () => {
    logout().then(() => API.supabase.auth.signOut()) // First logout is calling the Server action, then it's about killing the session on client side
}

// dropdown.ts ==> User dropdown, client component triggering the logout
logout: () => {
    logout().then(() => API.supabase.auth.signOut()) // First logout is calling the Server action, then it's about killing the session on client side
}

// dropdown.ts ==> User dropdown, client component triggering the logout
logout: () => {
    logout().then(() => API.supabase.auth.signOut()) // First logout is calling the Server action, then it's about killing the session on client side
}

And here is the "createClient" logic:

export const createClient = async () => {
    const cookieStore = await cookies()

    return await createServerClient(constants.supabase.url, constants.supabase.key, {
        cookies: {
            getAll() {
                return cookieStore.getAll()
            },
            setAll(cookiesToSet) {
                try {
                    cookiesToSet.forEach(({ name, value, options }) => {
                        cookieStore.set(name, value, options)
                    })
                } catch (error) {
                    // The `set` method was called from a Server Component.
                    // This can be ignored if you have middleware refreshing
                    // user sessions.
                }
            },
        },
    })
}

export const createClient = async () => {
    const cookieStore = await cookies()

    return await createServerClient(constants.supabase.url, constants.supabase.key, {
        cookies: {
            getAll() {
                return cookieStore.getAll()
            },
            setAll(cookiesToSet) {
                try {
                    cookiesToSet.forEach(({ name, value, options }) => {
                        cookieStore.set(name, value, options)
                    })
                } catch (error) {
                    // The `set` method was called from a Server Component.
                    // This can be ignored if you have middleware refreshing
                    // user sessions.
                }
            },
        },
    })
}

export const createClient = async () => {
    const cookieStore = await cookies()

    return await createServerClient(constants.supabase.url, constants.supabase.key, {
        cookies: {
            getAll() {
                return cookieStore.getAll()
            },
            setAll(cookiesToSet) {
                try {
                    cookiesToSet.forEach(({ name, value, options }) => {
                        cookieStore.set(name, value, options)
                    })
                } catch (error) {
                    // The `set` method was called from a Server Component.
                    // This can be ignored if you have middleware refreshing
                    // user sessions.
                }
            },
        },
    })
}

export const createClient = async () => {
    const cookieStore = await cookies()

    return await createServerClient(constants.supabase.url, constants.supabase.key, {
        cookies: {
            getAll() {
                return cookieStore.getAll()
            },
            setAll(cookiesToSet) {
                try {
                    cookiesToSet.forEach(({ name, value, options }) => {
                        cookieStore.set(name, value, options)
                    })
                } catch (error) {
                    // The `set` method was called from a Server Component.
                    // This can be ignored if you have middleware refreshing
                    // user sessions.
                }
            },
        },
    })
}

I'm doing no more, no less.

Any idea why this logic is killing all sessions instead of only the one calling signout ? Worth mentionning that the session seams still live on the Client side of the user, but the server session is killed

Many thanks!

Multiple simultaneous log in to the same account

Similar Threads

Similar Threads

Similar Threads