Skip to content

feat: expose auth userStorage option to facilitate lower cookie sizes #1545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 2, 2025
Merged

feat: expose auth userStorage option to facilitate lower cookie sizes #1545

merged 2 commits into from
Sep 2, 2025

Conversation

hf
Copy link
Contributor

@hf hf commented Aug 29, 2025

Adds the userStorage option to facilitate the experimental split session storage capability in auth-js. It will be propagated down to the @supabase/ssr package hopefully significantly decreasing cookie sizes.

@coveralls
Copy link

coveralls commented Aug 29, 2025
edited
Loading

Pull Request Test Coverage Report for Build 17325603710

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 95.6%
Totals Coverage Status
Change from base Build 17137627596: 0.0%
Covered Lines: 144
Relevant Lines: 146
💛 - Coveralls

@hf hf mentioned this pull request Aug 29, 2025
Merged
cemalkilic
cemalkilic approved these changes Aug 29, 2025
View reviewed changes
@hf @cemalkilic
add suggestion by @cemalkilic
b5a67cb 
Co-authored-by: Cemal Kılıç <[email protected]>
@hf hf merged commit 4ae856c into master Sep 2, 2025
14 checks passed
@hf hf deleted the hf/add-user-storage-auth-option branch September 2, 2025 13:24
hf added a commit to supabase/ssr that referenced this pull request Sep 16, 2025
@hf
feat: adds cookies.encode option allowing minimal cookie sizes (#126)
cf38b22 
Adds an experimental option `encode` on the `cookies` object when using
`createBrowserClient()` and `createServerClient()`.

If this is set to `tokens-only` then only the user's access token and
refresh token will be encoded in the cookies, causing significant cookie
size savings, often greater than 50%. It utilizes [split session storage
in `auth-js`](supabase/supabase-js#1545), with
some trade-offs such as the inability to access the `user` property on
the `supabase.auth.getSession()` object in the server. This wasn't
supposed to be done anyway, and `getClaims()` is a secure alternative
for it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cemalkilic cemalkilic cemalkilic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hf @coveralls @cemalkilic