client-login: hard reload to /contributor instead of setSession+router.push
The previous attempt at hydrating the Supabase browser client via supabase.auth.setSession() was racing against the server-set cookie. The server cookie was written with Path=/; SameSite=Lax (no Secure flag — Next.js cookies().set defaults), but the browser supabase client's setAll handler writes cookies with Secure; SameSite=None. The two writes for the same cookie name produced inconsistent state. Drop setSession + router.push entirely. Instead, do a hard window.location.href = '/contributor' redirect after a successful POST. The server renders /contributor with the freshly-set auth cookie; the browser supabase client boots up reading it from document.cookie on page load. No client-side hydration race.
This commit is contained in:
@@ -33,20 +33,14 @@ export default function ClientLoginPage() {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hydrate Supabase client with the session from the API response so
|
// The wp-login API has already set the supabase session cookie via
|
||||||
// AuthContext picks it up immediately and the next render of
|
// its NextResponse. Do a HARD reload to /contributor so the server
|
||||||
// /contributor sees an authenticated user (no flash of logged-out
|
// re-renders with that cookie and the browser supabase client
|
||||||
// state, no race against cookie propagation).
|
// boots up reading it from document.cookie. Avoids the cookie-flag
|
||||||
if (data.session?.access_token && data.session?.refresh_token) {
|
// mismatch that happens if we try to setSession() client-side
|
||||||
await supabase.auth.setSession({
|
// (browser client writes Secure;SameSite=None, server writes
|
||||||
access_token: data.session.access_token,
|
// SameSite=Lax — they conflict).
|
||||||
refresh_token: data.session.refresh_token,
|
window.location.href = '/contributor';
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
// Redirect to contributor dashboard (fresh session in AuthContext)
|
|
||||||
router.push('/contributor');
|
|
||||||
router.refresh();
|
|
||||||
} catch (err: any) {
|
} catch (err: any) {
|
||||||
setError(err.message || 'An error occurred');
|
setError(err.message || 'An error occurred');
|
||||||
console.error('Login exception:', err);
|
console.error('Login exception:', err);
|
||||||
|
|||||||
Reference in New Issue
Block a user