-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistent Session Expiration When Using AWS Amplify with Next.js Middleware #14118
Comments
Hello, @okashaaijaz and thanks for opening this issue. Are you using any custom cookie storage potentially or just the out of the box version with Amplify? Can you confirm if the Amplify generated cookies are able to be seen when this happens or if they are expired? Finally, what is the TTL you have set for your tokens? |
@cwomack I am not setting any custom cookie my self, everything is handled by amplify itself. I am fetching session in next js middleware using next.js adapter which is returning undefined in logs and my cookies are present in browser. |
@cwomack Another issue I encountered today was that my access token expired, and I was automatically logged out because I am validating the token on the backend side. It is throwing an error stating that the token has expired. My question is: Will Amplify automatically refresh the access token, or do we need to implement some custom logic for this? |
Hi @okashaaijaz can you paste the complete error message you saw regarding the token has expired error? Also looking at the example code of the middleware, you were creating a |
Hi @okashaaijaz
The Amplify will automatically refresh the access token and idtoken. It might be another issue caused the token to expire. |
Hi can you elaborate on this maybe? |
@yonihod, I'll try to clarify the token refresh issue when using Basically, you want to ensure any token refresh cookies are preserved while still allowing you to rewrite/redirect as needed. Here's a minimal sample of how this can be done: const response = NextResponse.rewrite();
await runWithAmplifyServerContext({
nextServerContext: {
request,
response, // <= created above
}
})
return response; // return the same response which contains refresh tokens (Set-Cookie headers) |
Before opening, please confirm:
JavaScript Framework
Next.js
Amplify APIs
Authentication
Amplify Version
v6
Amplify Categories
auth
Backend
Amplify Gen 2
Environment information
Describe the bug
We are experiencing random logout issues for users when using AWS Amplify with Next.js in a custom middleware setup. Some users remain logged in for 4–5 days, while others get logged out after only 1–2 days. Cookies are present in the browser, but the session becomes undefined in the middleware, leading to forced redirections. I have added logs in middleware and authenticateUser function which is logging undefined. Below is a simplified version of our current setup:
Expected behavior
Reproduction steps
Code Snippet
// Put your code below this line.
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
The text was updated successfully, but these errors were encountered: