Session constantly refreshes (calls backend) using JWT, maxAge of day, and SessionProvider at app

[TheSNSCompany]

Environment

System:
OS: macOS 12.2.1
CPU: (10) x64 Apple M1 Pro
Memory: 172.97 MB / 16.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 14.18.2 - ~/.nvm/versions/node/v14.18.2/bin/node
Yarn: 1.22.17 - /opt/homebrew/bin/yarn
npm: 6.14.15 - ~/.nvm/versions/node/v14.18.2/bin/npm
Browsers:
Edge: 100.0.1185.50
Safari: 15.3
npmPackages:
next: ^12.0.7 => 12.0.7
next-auth: ^4.3.1 => 4.3.1
react: 17.0.2 => 17.0.2

Reproduction URL

N/A

Describe the issue

Using JWT and a maxAge of a day, the useSession() is still hitting the backend on page refresh. Clicking around and using the built-in router does not call the session but a hard page refresh will call the backend. Is this expected behavior?

session: { strategy: "jwt", maxAge: 60 * 60 * 24, },

export default function App({ Component, pageProps }) {
  const getLayout = Component.getLayout || ((page) => page);

  return (
    <>
      <SessionProvider session={pageProps.session}>
        <ToastContainer />
        {Component.auth
          ? getLayout(
              <Auth>
                <Component {...pageProps} />
              </Auth>
            )
          : getLayout(<Component {...pageProps} />)}
      </SessionProvider>
    </>
  );
}

The session shows the correct expires property, but the network tab is still showing a call to session on every page refresh.

How to reproduce

hard refresh a page with useSession()

Expected behavior

I wouldn't expect the session to call the backend if the user still has a valid token/session.

[ThangHuuVu]

Yes, useSession would always hit the API route on a CSR page. Here's the relevant code:

next-auth/packages/next-auth/src/react/index.tsx

Lines 328 to 330 in 641d917

	__NEXTAUTH._session = await getSession({
	broadcast: !storageEvent,
	})

[TheSNSCompany]

damn, is there any way to avoid this? I was hoping for it to be cached until the refresh time hits.

[bilalesi]

I don't know if the same issue here, but i implemented facebook authentication, and in just 4 hours i got 19000 Go of serveless functions hit Vercel servers, and a 7900$ bill,
my implmenetation was quitte as recommended by the docs and nothing fancy was added, until now, i don't got any idea why.
depend on the support team, i was having FUNCTION_INVOCATION_TIMEOUT for /signin path,
this error was never mentionned in the docs either in Vercel docs or next/next-auth docs,
The number of requests recieved by functions was dramatically huge 1,286,074 success and 1,171,973 timeouts and 20,056 GB-Hrs in just 3 or 4 hours.
and the wierd thing, is just me who was using the app.