fix(react): Fix stale SSR state during cross-tab sign-out#7865
fix(react): Fix stale SSR state during cross-tab sign-out#7865
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🦋 Changeset detectedLatest commit: f861ecc The changes in this PR will be included in the next version bump. This PR includes changesets to release 6 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
@clerk/agent-toolkit
@clerk/astro
@clerk/backend
@clerk/chrome-extension
@clerk/clerk-js
@clerk/dev-cli
@clerk/expo
@clerk/expo-passkeys
@clerk/express
@clerk/fastify
@clerk/hono
@clerk/localizations
@clerk/nextjs
@clerk/nuxt
@clerk/react
@clerk/react-router
@clerk/shared
@clerk/tanstack-react-start
@clerk/testing
@clerk/ui
@clerk/upgrade
@clerk/vue
commit: |
📝 WalkthroughWalkthroughAdds a Playwright integration test that verifies cross-tab sign-out: one tab signs out while another is on a protected page and the remaining tab is redirected to sign-in via BroadcastChannel. Refactors useAuthBase state initialization to introduce explicit 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.changeset/dry-mangos-fail.md (1)
5-5: Consider adding cross-tab scenario context.The description is clear and technically accurate. For enhanced user understanding, you could optionally mention the specific cross-tab scenario (e.g., "when signing out in one browser tab while other tabs remain open").
📝 Optional enhancement for user clarity
-Fix navigation hang on cross-tab sign-out by preventing stale SSR state from being used after sign-out detection. +Fix navigation hang when signing out in one browser tab while other authenticated tabs remain open, by preventing stale SSR state from being used after sign-out detection.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.changeset/dry-mangos-fail.md at line 5, Update the changeset description "Fix navigation hang on cross-tab sign-out by preventing stale SSR state from being used after sign-out detection." to explicitly mention the cross-tab scenario (for example: "when signing out in one browser tab while other tabs remain open") so users immediately understand the context; keep the technical explanation about preventing stale SSR state after sign-out detection (the existing phrase) and append a short example clause referencing the cross-tab sign-out behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.changeset/dry-mangos-fail.md:
- Line 5: Update the changeset description "Fix navigation hang on cross-tab
sign-out by preventing stale SSR state from being used after sign-out
detection." to explicitly mention the cross-tab scenario (for example: "when
signing out in one browser tab while other tabs remain open") so users
immediately understand the context; keep the technical explanation about
preventing stale SSR state after sign-out detection (the existing phrase) and
append a short example clause referencing the cross-tab sign-out behavior.
jacekradko
left a comment
There was a problem hiding this comment.
@bratsos I am wondering if other hooks like useUserBase for example have the same issue of returning stale initialState ?
Description
When a user signs out in one browser tab, other tabs viewing protected pages hang instead of redirecting to the sign-in page. The page remains stuck showing stale authentication data even though the session has been terminated.
Reproduction:
Root Cause
The bug is in how
useAuthBasedecides which authentication state to return. When the page initially loads from the server, it includes a snapshot of the auth state at that moment (initialState). This snapshot is frozen and never updates - it's purely for hydration during the initial render.The problem occurs during cross-tab sign-out: when Clerk detects the sign-out in another tab, it clears its client-side resources but is still in a "loaded" state. The old logic used an
ORcondition that would fall back to the frozen server snapshot whenever resources were unavailable, even though the SDK was fully loaded and operational. This meant the code would return stale authentication data from the server (showing the user as signed in) instead of the current reality (user is signed out). Protected routes would see this stale data and fail to redirect.Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change
Summary by CodeRabbit
Bug Fixes
Tests