Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Background

I seem to be facing a similar issue as #35754.

I use supabase.auth.onAuthStateChange in a similar manner as described in the Docs, with Redux instead of React Context for users' session. The callback inside is not asynchronous, and there are no other places which register the same callback.

Here's my callback code:

const {
      data: { subscription },
    } = supabase.auth.onAuthStateChange(
      (event: AuthChangeEvent, session: Session | null) => {
        console.log("Auth state changed", event, session);
        dispatch(setUser(session?.user));
      },
    );

And my Redux slice (with Redux Toolkit):

const loginSlice = createSlice({
  name: "login",
  initialState: {
    login: undefined as User | null | undefined, // will be changed on auth state change; undefined means not yet determined
  },
  reducers: {
    setUser(state, action) {
      state.login = action.payload ? (action.payload as User | null) : null; 
    },
    logout: (state) => {
      state.login = null;
    },
  },
});
export const { setUser, logout, setResetPassword } = loginSlice.actions;

I show a loading modal when the onAuthStateChange callback has not been called yet (hence we do not know if the user has been signed in or not), when the state is undefined. If the user is not signed in the state will be null (INITIAL_SESSION event) and if they are signed in the state will be User (and the modal disappears).

Describe the bug

Occasionally (frequently enough that this is a problem), when a user opens the application (and they have logged in beforehand), the user will not see a logged in state. The application will indefinitely display the loading spinner (hence as above, the onAuthStateChange is never called.
When attempting to debug the issue (using Chrome Remote DevTools), I (sometimes) see this error message in the console:

Uncaught (in promise) AbortError: signal is aborted without reason

There are also no network logs to the Supabase backend (under "Network"). Attempting to call auth-related functions e.g. refreshSession, getUser, getSession will hang indefinitely (first call), or throw the same error as above (subsequent calls) (which is similar behaviour as the linked issue). When checking the access token in the local session, the JWT may or may not be expired (exp field).

This does not happen all the time, most of the time the authentication works as expected (e.g. sign in, sign out, token refresh).

Do let me know if you need any more code/information.

To Reproduce

• User logs into the application.
• User navigates to a protected page
• User closes the tab/exits the browser
• User waits for a time period (e.g. 30 mins-1h)
• User reopens the browser
• User observes the same behaviour even after refreshing the page (even with Ctrl + F5)

Expected behavior

onAuthStateChange is triggered (especially when user is logged in). Authentication works normally and the functions e.g. refreshSession, getUser return with success/error responses.

Actual behavior

• onAuthStateChange is not called (can be inferred from no "Auth State changed" console log), and the above-mentioned error occurs sometimes
• If I call refreshSession, getSession, getUser it will either run indefinitely or fail with the abovementioned error.
• The session state in Redux is not updated, the loading spinner will remain indefinitely.

Tech Stack

• Frontend: React (production static build) delivered over NGINX
• State Management: Redux
• Supabase Self-Hosted

Here are my Supabase Self-Hosted details (the parts that are relevant):

• Postgres version 17
• supabase/gotrue:v2.184.0
• postgrest/postgrest:v14.3
• supabase/postgres-meta:v0.95.1
• supabase/supavisor:2.7.4

System information

• OS: Android
• Browser (if applies): Chrome Android 143. Installed as PWA.
• Version of supabase-js: 2.90.1