Session and JWT callback is called twice with the SessionProvider

[Natchii59]

Environment

System:

• OS: macOS 13.4.1
• CPU: (8) arm64 Apple M1
• Memory: 274.78 MB / 8.00 GB
• Shell: 3.6.1 - /opt/homebrew/bin/fish

Binaries:

• Node: 18.12.1 - ~/.local/share/nvm/v18.12.1/bin/node
• npm: 8.19.2 - ~/.local/share/nvm/v18.12.1/bin/npm
• pnpm: 8.6.7 - /opt/homebrew/bin/pnpm

Browsers:

• Chrome: 115.0.5790.114
• Safari: 16.5.2

Reproduction URL

https://github.com/Natchii59/next-chat

Describe the issue

I would like to update my JWT data, and for that I need to put the SessionProvider at the root of the page. To then use the useSession which gives access to the update function. The problem is that it creates 2 calls to the jwt and session callbacks each time the page is refreshed. How to fix this?

How to reproduce

Add a SessionProvider to the project and put a console.log in a NextAuth options callback.

Expected behavior

I wish I didn't have callbacks double call with a SessionProvider. Or another way to update my JWT data without using SessionProvider.

[18888628835]

the same as you

[petejodo]

hard to tell if this is the I'm seeing but I'm seeing something similar whenever the user comes back to the tab and a session is retrieved via a visibilitychange event. What's happening is that a broadcast occurs as a result of retrieving the session which the active tab that already retrieved the session also receives that broadcast message and triggers another session retrieval. Potentially, other code paths like update can be causing the same behavior which it triggers a broadcast and the active tab unnecessarily handles that broadcast message

[petejodo]

stepping through the code for the visibiltychange example

1. visibilitychange calls _getSession
2. _getSession calls getSession with broadcast set to `true
3. getSession triggers broadcast
4. broadcast handler triggers another _getSession call

due to the broadcast handler calls _getSession with storage event, it prevents any more session retrievals from happening

[petejodo]

this is impacting v5.0.0-beta.5

[Denoder]

the solution here would be to edit this line:

next-auth/packages/next-auth/src/react.tsx

Line 400 in 9a5416b

__NEXTAUTH._session = await getSession()

and make it:

__NEXTAUTH._session = await getSession({ broadcast: false })

since getSession by default calls storage to broadcast, the visibiltychange gets called calls getSession({ broadcast:false }), it doesn't loop back into a storage broadcast, but instead just updates the user and ends at that, so everything else that explicitly calls storage will only do it once, and every other event name will have broadcast off and call once.

[GSTJ]

Using this pnpm patch for now. It prevents storage from being called on the first storage call, just subsequent runs. Solved my two request issues while keeping this storage functionality.

diff --git a/react.js b/react.js
index fc8f8305ea8c5857547154ee3ee136a77e5e8853..44c38d6a428daf33d46b9217ae2943b6c83e1987 100644
--- a/react.js
+++ b/react.js
@@ -289,8 +289,15 @@ export function SessionProvider(props) {
             __NEXTAUTH._getSession = () => { };
         };
     }, []);
+    const isFirstCall = React.useRef(true);
     React.useEffect(() => {
-        const handle = () => __NEXTAUTH._getSession({ event: "storage" });
+        const handle = () => {
+            if (isFirstCall.current) {
+                isFirstCall.current = false;
+                return;
+            }
+            __NEXTAUTH._getSession({ event: "storage" })
+        };
         // Listen for storage events and update session if event fired from
         // another window (but suppress firing another event to avoid a loop)
         // Fetch new session data but tell it to not to fire another event to

[dBianchii]

I am getting this on 5.0.0-beta.29