@nicknisi nicknisi commented Aug 8, 2025

Summary

Fixes an issue where refreshSession and updateSession were preserving stale user and impersonator data from existing sessions instead of using the fresh data returned by the WorkOS authenticateWithRefreshToken API.

Changes

  • Updated refreshSession and updateSession to use current user/impersonator data from the API response
  • Fixed test mocks to include the expected user data in the authentication response
  • Ensures sessions stay up-to-date with any user attribute or impersonation status changes

Test Plan

  • All existing tests pass
  • Updated test mock to match real API behavior
  • Verified lint checks pass

Fixes #35

Previously, refreshSession and updateSession preserved stale user and
impersonator data from existing sessions instead of using the fresh
data returned by the WorkOS authenticateWithRefreshToken API. This
could lead to outdated user information persisting after token refreshes.

Now both functions use the current user and impersonator data from the
API response, ensuring sessions stay up-to-date with any changes.

Fixes #35

@greptile-apps greptile-apps bot left a comment

Greptile Summary

This PR fixes a critical bug in the AuthKit React Router library where session refresh operations were using stale user data instead of fresh data from the WorkOS API. The issue affected both refreshSession and updateSession functions in src/session.ts, which were incorrectly preserving user and impersonator data from the existing session rather than utilizing the updated information returned by the WorkOS authenticateWithRefreshToken API call.

The fix involves properly destructuring and using the user and impersonator fields from the API response when creating new session objects. This ensures that any changes to user attributes (like firstName, lastName, or email verification status) or impersonation status are immediately reflected in the refreshed session, maintaining data consistency between the WorkOS backend and the client-side session state.

The changes also include updates to the test mocks in src/session.spec.ts to properly simulate the complete API response structure, including user data, which ensures the tests accurately validate the fix and prevent regression of this issue.

Confidence score: 5/5

  • This PR is extremely safe to merge with minimal risk of causing any issues
  • Score reflects simple, well-tested bug fix that aligns with expected API behavior and follows established patterns
  • No files require special attention as the changes are straightforward and well-validated

2 files reviewed, 1 comment


Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@nicknisi nicknisi requested a review from cmatheson August 8, 2025 16:59
@cmatheson cmatheson left a comment

🎉

@nicknisi nicknisi merged commit d5123b3 into main Aug 8, 2025
6 checks passed
@nicknisi nicknisi deleted the nicknisi/35-stale-session-data branch August 8, 2025 17:08
@nicknisi nicknisi mentioned this pull request Aug 8, 2025
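
The bug and fix discussed in this thread, as an added example that is not the library's code and not part of any comment above: the "before" rebuild rotates tokens but keeps identity from the old session, the "after" takes identity from the refresh response, and a small drift check shows the difference. The types, function names and sample values are constructed assumptions; only refreshSession, updateSession and authenticateWithRefreshToken come from the page.

```typescript
// Constructed shapes for illustration; not the library's real type definitions.
interface User { id: string; email: string; firstName: string }
interface Impersonator { email: string; reason: string | null }
interface Tokens { accessToken: string; refreshToken: string }
interface Identity { user: User; impersonator: Impersonator | null }
type Session = Tokens & Identity;
// Assumed shape of what authenticateWithRefreshToken resolves to.
type RefreshResponse = Tokens & Identity;

// "Before": tokens are rotated, identity is carried over from the old session.
function rebuildSessionStale(old: Session, res: RefreshResponse): Session {
  return {
    accessToken: res.accessToken,
    refreshToken: res.refreshToken,
    user: old.user,
    impersonator: old.impersonator,
  };
}

// "After": every identity field is taken from the fresh API response.
function rebuildSessionFresh(_old: Session, res: RefreshResponse): Session {
  const { accessToken, refreshToken, user, impersonator } = res;
  return { accessToken, refreshToken, user, impersonator };
}

// Regression check: names the identity fields that disagree with the response.
function identityDrift(session: Session, res: RefreshResponse): string[] {
  const same = (a: unknown, b: unknown) => JSON.stringify(a) === JSON.stringify(b);
  const drift: string[] = [];
  if (!same(session.user, res.user)) drift.push("user");
  if (!same(session.impersonator, res.impersonator)) drift.push("impersonator");
  return drift;
}

// Constructed sample: since the last refresh the user's first name changed
// and the impersonation ended on the server side.
const oldSession: Session = {
  accessToken: "at_old", refreshToken: "rt_old",
  user: { id: "user_01", email: "bob@example.com", firstName: "Bob" },
  impersonator: { email: "admin@example.com", reason: "support ticket" },
};
const response: RefreshResponse = {
  accessToken: "at_new", refreshToken: "rt_new",
  user: { id: "user_01", email: "bob@example.com", firstName: "Robert" },
  impersonator: null,
};
```

With the stale rebuild the session still reports an active impersonator after the server has ended it, which is the case where authorization or audit decisions based on session contents go wrong.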
Successfully merging this pull request may close these issues.

refreshSession uses user from old session
