revert(clerk-js): drop Session.ts monotonic guards

The Session.ts guards at #_getToken cache-hit emit and
#dispatchTokenEvents were suppressing token:update events that
AuthCookieService needs to write the session cookie. Backend then
saw an empty/stale cookie and treated the session as unauthenticated.

Keep only the broadcast handler guard in tokenCache.ts, which covers
the original motivation: cross-tab races where a background tab's
stale edge-minted token can clobber a fresher DB-minted token via
the BroadcastChannel.

Author: nikosdouvlis

.husky/_/husky.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+if [ -z "$husky_skip_init" ]; then
+  debug () {
+    if [ "$HUSKY_DEBUG" = "1" ]; then
+      echo "husky (debug) - $1"
+    fi
+  }
+
+  readonly hook_name="$(basename -- "$0")"
+  debug "starting $hook_name..."
+
+  if [ "$HUSKY" = "0" ]; then
+    debug "HUSKY env variable is set to 0, skipping hook"
+    exit 0
+  fi
+
+  if [ -f ~/.huskyrc ]; then
+    debug "sourcing ~/.huskyrc"
+    . ~/.huskyrc
+  fi
+
+  readonly husky_skip_init=1
+  export husky_skip_init
+  sh -e "$0" "$@"
+  exitCode="$?"
+
+  if [ $exitCode != 0 ]; then
+    echo "husky - $hook_name hook exited with code $exitCode (error)"
+  fi
+
+  if [ $exitCode = 127 ]; then
+    echo "husky - command not found in PATH=$PATH"
+  fi
+
+  exit $exitCode
+fi

packages/clerk-js/src/core/resources/Session.ts

@@ -42,7 +42,6 @@ import type {
 } from '@clerk/shared/types';
 import { isWebAuthnSupported as isWebAuthnSupportedOnWindow } from '@clerk/shared/webauthn';
 
-import { pickFreshestJwt } from '@/core/tokenFreshness';
 import { unixEpochToDate } from '@/utils/date';
 import { debugLogger } from '@/utils/debug';
 import { TokenId } from '@/utils/tokenId';
@@ -459,11 +458,7 @@ export class Session extends BaseResource implements SessionResource {
       // Only emit token updates when we have an actual token — emitting with an empty
       // token causes AuthCookieService to remove the __session cookie (looks like sign-out).
       if (shouldDispatchTokenUpdate && cachedToken.getRawString()) {
-        const isStaler =
-          this.lastActiveToken && pickFreshestJwt(this.lastActiveToken, cachedToken) === this.lastActiveToken;
-        if (!isStaler) {
-          eventBus.emit(events.TokenUpdate, { token: cachedToken });
-        }
+        eventBus.emit(events.TokenUpdate, { token: cachedToken });
       }
       result = cachedToken.getRawString() || null;
     } else if (!isBrowserOnline()) {
@@ -523,10 +518,6 @@ export class Session extends BaseResource implements SessionResource {
       return;
     }
 
-    if (this.lastActiveToken && pickFreshestJwt(this.lastActiveToken, token) === this.lastActiveToken) {
-      return;
-    }
-
     eventBus.emit(events.TokenUpdate, { token });
 
     if (token.jwt) {

packages/clerk-js/src/core/resources/__tests__/Session.test.ts

@@ -98,9 +98,7 @@ describe('Session', () => {
       expect(BaseResource.clerk.getFapiClient().request).not.toHaveBeenCalled();
 
       expect(token).toEqual(mockJwt);
-      // Cache hits with the same token as lastActiveToken suppress re-emission
-      // to avoid unnecessary cookie writes (monotonic freshness guard).
-      expect(dispatchSpy).toHaveBeenCalledTimes(0);
+      expect(dispatchSpy).toHaveBeenCalledTimes(2);
     });
 
     it('returns same token without API call when Session is reconstructed', async () => {