Unexpected Supabase Auth Session Logout After 2–3 Seconds (email and OAuth)
I’m seeing a new issue in my React + Vite app where Supabase auth (email/password and OAuth) signs users in successfully but then automatically signs them out 2–3 seconds later—no error is shown.
Steps to Reproduce
1. User signs in (email/password or OAuth).
2. Supabase returns a valid session and access token.
3. After ~2–3 seconds, an
SIGNED_OUT event fires and the session is cleared.
Expected
Users stay signed in until they explicitly sign out or the JWT expires.
Actual
The session is removed almost immediately after login.
---
Environment
* @supabase/supabase-js ^2.49.4
* vite ^5.4.1
* React + Vite
* Node.js (current LTS)
* Browsers: Chrome / Firefox / Edge
Auth Client Initialization
Key Hooks
---
What I’ve Tried
* Confirmed persistSession: true.
* No errors in console/network.
* Env vars look correct.
* No stray sign-out logic elsewhere.
Questions
1. Are there known issues or config tweaks that could force immediate sign-outs?
2. Could cookie, CORS or SameSite policies be wiping the session?
3. Any extra logging or debug flags in @supabase/supabase-js to trace why SIGNED_OUT is triggered?
Any pointers or debugging tips appreciated—thanks!26 Replies
// Check for first-time user and handle welcome email
useEffect(() => {
if (!session || !initialized) return;
const checkFirstTimeUser = async () => {
try {
const profileData = await fetchProfile(session.user.id);
const isFirstTime = isFirstTimeUser("SIGNED_IN", session, profileData);
if (isFirstTime) {
setIsFirstLogin(true);
await handleWelcomeEmail(session, profileData);
} else {
setIsFirstLogin(false);
}
} catch (error) {
console.error(
"[useSupabaseAuth] Error checking first time user:",
error
);
setIsFirstLogin(false);
}
};
// Only check on new sessions, not on every render
if (session && !isFirstLogin) {
checkFirstTimeUser();
}
}, [session?.user.id, initialized, isFirstTimeUser, handleWelcomeEmail]);
const signInWithGoogle = async () => {
const { data, error } = await supabase.auth.signInWithOAuth({
provider: "google",
options: {
redirectTo: window.location.origin,
},
});
if (error) {
console.error("[useSupabaseAuth] Google sign-in error:", error);
}
return { data, error };
};
Any chance the signOut button is getting silently clicked by React, or prefetched if it's a link?
I've cross checked the codebase for any randoms calls for await supabase.auth.signOut(); and discovered that it's only on funcs that're manually called like signout btn, etc.
I see similar behaviour every once and a while in one of my supabase auth apps as well. Can't seem to pinpoint why. Does Supabase do any type of checks on a users account? Don't know too much about the Supabase at this point to make an informed comment. But would love to dig deeper to see if it's something that might be in my control to fix
Pls, they do need to look into this, I don't understand how my app auth suddenly started logging my users out after couple of secs. The code was working perfectly well and then just suddenly started this behavior, I've checked the codebase and still can't really understand the root of the problem, what should I do cause my entire app is contolled with supabase auth???
Thanks @GlassHouse
Regarding debugging: you can set the
auth: { debug: true } optionWhat code is inside of your
supabase.auth.onAuthStateChange? sharing partials and leaving out some detail isn't very helpful when asking for help. It's also better to have a reproducible example repo.I should have done that 🙏
Let me drop more details
These covers all the details
@Wilson Ibekason can you please stop posting the same thing in multiple channels. If you do so again your account will go into timeout as it's considering spamming.
@silentworks I understand and won't post again, but I would appreciate any response, I've provided more context. The problem is affecting not just me but my users
You aren't guaranteed a response in any set timeframe on here. It's a user helping user platform.
It's OK, just wanted to know if it's a supabase issue, it's been quite a long I utilized supabase Auth.
How are you verifying that your user is signed in? have you checked that there is an entry in your browser's localStorage?
It won't be as we would have had more users on here running into the issue if it was a Supabase Auth issue. It's more likely an application implementation issue.
It's doesn't use localstorage but cookies, it gets cleared out after couple of secs
But you mentioned React+Vite which would signify a client side app, why would this be using cookies?
So you are seeing the cookie being set and then cleared?
I dropped more detailed code to provide better context
This is just a bunch of files that won't make much sense to me as It's not my application.
Exactly, immediately it's set, it's been cleared out after some couple of secs 6-10sec
I was asking about the
.onAuthStateChange as it doesn't like when you do await inside of it as stated in the docs and this can cause odd behaviour.
You mentioned you are using cookies but none of the Gists your povide shows it using cookies. Your client is created here https://gist.github.com/wilsonibekason/56be11ce7b74def755381a21139c175d#file-client and there is no cookie configuration in it.
I would suggest that you create a GitHub repo with a minimal reproducible example. This way it will be easier for someone to look into it.Could u share me some docs reference
If you look in the Javascript reference docs on the Supabase website you will see a note in the
onAuthStateChange method.This is actually my forst time integrating with react, I previously do integrate with next, so is kinda confusing
Ok
I have a react example here you can take a look into https://github.com/silentworks/supabase-by-example/tree/main/react
Can u provide me some practices on integrating supabase Auth on a react app, I can go ahead and debug it myself.
Thanks