fix: restore session before auth middleware in SPA mode

zlotnika · claude · zlotnika · commit d6fe4d54a811 · 2026-03-15T14:46:12.000-07:00
In SPA mode (useSsrCookies: false), explicitly call getSession() during plugin setup so the session state is populated before auth middleware runs. This prevents authenticated users from being incorrectly redirected on direct navigation or page reload. Fixes #496 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/playground/package.json b/playground/package.json
@@ -0,0 +1,7 @@
+{
+  "private": true,
+  "name": "supabase-module-playground",
+  "devDependencies": {
+    "@nuxt/devtools": "^1.0.6"
+  }
+}
diff --git a/src/runtime/plugins/supabase.client.ts b/src/runtime/plugins/supabase.client.ts
@@ -44,6 +44,16 @@ export default defineNuxtPlugin({
     const currentSession = useSupabaseSession()
     const currentUser = useSupabaseUser()
 
+    // In SPA mode, restore session from storage before auth middleware runs.
+    // This prevents a race condition where middleware checks session before it's hydrated.
+    // See: https://github.com/nuxt-modules/supabase/issues/496
+    if (!useSsrCookies) {
+      const { data } = await client.auth.getSession()
+      if (data.session) {
+        currentSession.value = data.session
+      }
+    }
+
     // Populate user before each page load to ensure the user state is correctly set before the page is rendered
     nuxtApp.hook('page:start', async () => {
       const { data } = await client.auth.getClaims()
