revert(clerk-js): drop Session.ts monotonic guards

The Session.ts guards at #_getToken cache-hit emit and
#dispatchTokenEvents were suppressing token:update events that
AuthCookieService needs to write the session cookie. Backend then
saw an empty/stale cookie and treated the session as unauthenticated.

Keep only the broadcast handler guard in tokenCache.ts, which covers
the original motivation: cross-tab races where a background tab's
stale edge-minted token can clobber a fresher DB-minted token via
the BroadcastChannel.

Author: nikosdouvlis

packages/clerk-js/src/core/resources/Session.ts

@@ -42,7 +42,6 @@ import type {
 } from '@clerk/shared/types';
 import { isWebAuthnSupported as isWebAuthnSupportedOnWindow } from '@clerk/shared/webauthn';
 
-import { pickFreshestJwt } from '@/core/tokenFreshness';
 import { unixEpochToDate } from '@/utils/date';
 import { debugLogger } from '@/utils/debug';
 import { TokenId } from '@/utils/tokenId';
@@ -459,11 +458,7 @@ export class Session extends BaseResource implements SessionResource {
       // Only emit token updates when we have an actual token — emitting with an empty
       // token causes AuthCookieService to remove the __session cookie (looks like sign-out).
       if (shouldDispatchTokenUpdate && cachedToken.getRawString()) {
-        const isStaler =
-          this.lastActiveToken && pickFreshestJwt(this.lastActiveToken, cachedToken) === this.lastActiveToken;
-        if (!isStaler) {
-          eventBus.emit(events.TokenUpdate, { token: cachedToken });
-        }
+        eventBus.emit(events.TokenUpdate, { token: cachedToken });
       }
       result = cachedToken.getRawString() || null;
     } else if (!isBrowserOnline()) {
@@ -523,10 +518,6 @@ export class Session extends BaseResource implements SessionResource {
       return;
     }
 
-    if (this.lastActiveToken && pickFreshestJwt(this.lastActiveToken, token) === this.lastActiveToken) {
-      return;
-    }
-
     eventBus.emit(events.TokenUpdate, { token });
 
     if (token.jwt) {

packages/clerk-js/src/core/resources/__tests__/Session.test.ts

@@ -98,9 +98,7 @@ describe('Session', () => {
       expect(BaseResource.clerk.getFapiClient().request).not.toHaveBeenCalled();
 
       expect(token).toEqual(mockJwt);
-      // Cache hits with the same token as lastActiveToken suppress re-emission
-      // to avoid unnecessary cookie writes (monotonic freshness guard).
-      expect(dispatchSpy).toHaveBeenCalledTimes(0);
+      expect(dispatchSpy).toHaveBeenCalledTimes(2);
     });
 
     it('returns same token without API call when Session is reconstructed', async () => {