Essentially the title.
During an SSR request, createServerClient might be called in the auth loader, and again later in some server function or internal API.
When the client refreshes an expired session using the refresh token and calls setAllCookies to set the Set-Cookie header, there is shared state between all the current server clients, and they all add these Set-Cookie headers, leading to duplicate Set-Cookie headers for large session objects.
This can rapidly blow out the response header limits of CloudFront, leading to 502s when there are multiple server clients.
Expected behaviour:
Only the client used to call auth.refreshSession() should call the setAllCookies method to set Set-Cookie headers with the updated session.
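
A request-scoped mitigation for the duplication described above, as an added example that is not part of the original report or of the library's own code: every server client created during one request writes into a single sink that keeps one Set-Cookie per cookie name, domain and path. The `{ name, value, options }` entry shape, the `createCookieSink` helper, and the cookie names and values are assumptions constructed for illustration.

```javascript
// Added example. Request-scoped sink shared by every server client created
// while handling one SSR request: one Set-Cookie per (name, domain, path).
function createCookieSink() {
  const pending = new Map();
  return {
    // Assumed entry shape: { name, value, options }.
    setAll(cookiesToSet) {
      for (const { name, value, options = {} } of cookiesToSet) {
        const key = [name, options.domain || "", options.path || "/"].join("|");
        pending.set(key, { name, value, options }); // last write wins
      }
    },
    toHeaders: () => [...pending.values()].map(serializeCookie),
  };
}

function serializeCookie({ name, value, options = {} }) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${options.path || "/"}`];
  if (options.domain) parts.push(`Domain=${options.domain}`);
  if (options.httpOnly) parts.push("HttpOnly");
  if (options.secure) parts.push("Secure");
  if (options.sameSite) parts.push(`SameSite=${options.sameSite}`);
  return parts.join("; ");
}

// Bytes the headers occupy on the wire ("Set-Cookie: " + value + CRLF).
const headerBytes = (hs) => hs.reduce((n, h) => n + "Set-Cookie: ".length + Buffer.byteLength(h) + 2, 0);

// Constructed sample: a refreshed session split into two cookie chunks.
function sampleSessionCookies() {
  const options = { path: "/", httpOnly: true, secure: true, sameSite: "Lax" };
  return [
    { name: "sb-example-auth-token.0", value: "a".repeat(3000), options },
    { name: "sb-example-auth-token.1", value: "b".repeat(1200), options },
  ];
}

// Compare "every client appends its own headers" with the shared sink.
function simulate(clientCount) {
  const naive = [];
  const sink = createCookieSink();
  for (let i = 0; i < clientCount; i++) {
    naive.push(...sampleSessionCookies().map(serializeCookie));
    sink.setAll(sampleSessionCookies());
  }
  const deduped = sink.toHeaders();
  return { naiveCount: naive.length, dedupedCount: deduped.length,
           naiveBytes: headerBytes(naive), dedupedBytes: headerBytes(deduped) };
}
```

With three clients the naive path emits six headers and three times the bytes, while the sink emits two; write `toHeaders()` to the response once, after all loaders and server functions have run.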