client-login: hard reload to /contributor instead of setSession+router.push
The previous attempt at hydrating the Supabase browser client via supabase.auth.setSession() was racing against the server-set cookie. The server cookie was written with Path=/; SameSite=Lax (no Secure flag — Next.js cookies().set defaults), but the browser supabase client's setAll handler writes cookies with Secure; SameSite=None. The two writes for the same cookie name produced inconsistent state. Drop setSession + router.push entirely. Instead, do a hard window.location.href = '/contributor' redirect after a successful POST. The server renders /contributor with the freshly-set auth cookie; the browser supabase client boots up reading it from document.cookie on page load. No client-side hydration race.
This commit is contained in:
@@ -33,20 +33,14 @@ export default function ClientLoginPage() {
|
||||
return;
|
||||
}
|
||||
|
||||
// Hydrate Supabase client with the session from the API response so
|
||||
// AuthContext picks it up immediately and the next render of
|
||||
// /contributor sees an authenticated user (no flash of logged-out
|
||||
// state, no race against cookie propagation).
|
||||
if (data.session?.access_token && data.session?.refresh_token) {
|
||||
await supabase.auth.setSession({
|
||||
access_token: data.session.access_token,
|
||||
refresh_token: data.session.refresh_token,
|
||||
});
|
||||
}
|
||||
|
||||
// Redirect to contributor dashboard (fresh session in AuthContext)
|
||||
router.push('/contributor');
|
||||
router.refresh();
|
||||
// The wp-login API has already set the supabase session cookie via
|
||||
// its NextResponse. Do a HARD reload to /contributor so the server
|
||||
// re-renders with that cookie and the browser supabase client
|
||||
// boots up reading it from document.cookie. Avoids the cookie-flag
|
||||
// mismatch that happens if we try to setSession() client-side
|
||||
// (browser client writes Secure;SameSite=None, server writes
|
||||
// SameSite=Lax — they conflict).
|
||||
window.location.href = '/contributor';
|
||||
} catch (err: any) {
|
||||
setError(err.message || 'An error occurred');
|
||||
console.error('Login exception:', err);
|
||||
|
||||
Reference in New Issue
Block a user