Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Session does not persist, how to solve it?

  • 0
  • Self Hosted
  • Auth
View on Discord
Bielframos
8 Jul, 2024, 22:04

I am developing an SSR app using SvelteKit, in my app the user can create their account, or simply log in if they are already registered.

In both cases I follow the same implementation demonstrated in the SSR authentication tutorials provided in the documentation.

As in the example below 👇

TypeScript
import { SESSION_COOKIE, createAdminClient } from "$lib/server/appwrite.js"
import { redirect } from "@sveltejs/kit"

export const actions = {
    login: async ({ request, cookies }) => {
        const form = await request.formData()
        const email = form.get("email") as string
        const password = form.get("pass") as string

        const { account } = createAdminClient()
        const session = await account.createEmailPasswordSession(email, password)

        cookies.set(SESSION_COOKIE, session.secret, {
            sameSite: "strict",
            expires: new Date(session.expire),
            secure: true,
            path: "/",
        })

        redirect(301, "/admin/meu-negocio")
    },
}

The cookie that is stored during the login or account creation process is used to create a session client.

TypeScript
export function createSessionClient(cookies: Cookies) {
    const session = cookies.get(SESSION_COOKIE)

    if (!session) {
        throw new Error("Não existe uma sessão válida")
    }

    const client = new Client()
        .setEndpoint(variables.APPWRITE_ENDPOINT)
        .setProject(variables.APPWRITE_PROJECT)
        .setSession(session)

    return {
        get account() {
            return new Account(client)
        },
        get databases() {
            return new Databases(client)
        },
    }
}

After the first access everything works perfectly, in the middleware after instantiating the client I can access the logged in user, through the session client, but when I spend some time without using the app and return it is as if the session is no longer valid and I get the following error 👇

TypeScript
{
  code: 401,
  type: 'general_unauthorized_scope',
  response: {
    message: 'User (role: guests) missing scope (account)',
    code: 401,
    type: 'general_unauthorized_scope',
    version: '1.5.7'
  }
}

I've looked everywhere for a solution to this, or at least to understand what's happening, and I can't find it.

When I check my console, the user still has the session registered in the app and the sessions were configured to last 1 year. Which in this case already comes by default in Appwrite.

Could anyone help me with this?

TL;DR
Session in SvelteKit app does not persist; developers unable to maintain session after a period of inactivity. Solution: Increase session timeout or implement a session renewal mechanism to avoid error upon returning to the app after a while.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more