Issue with version 9 compat build on Safari after one hour long sessions #5644
Description
- Operating System version: macOS and iOS
- Browser version: Safari 14 and 15
- Firebase SDK version:
9.1.3compat - Firebase Product:
auth
Description
Since updating from version 8.9.1 to the version 9.1.3 compatibility build, we started seeing lots of errors sent to our error tracker for Safari devices on sessions longer than one hour: undefined is not an object (evaluating 'e._canInitEmulator=!1')
I believe this is the following line in the source code:
The error is only triggered in Safari (macOS and iOS), and only for sessions longer than one hour. The error seems to be triggered on the first Firebase action after the one hour mark (our error reports range from just a few seconds after one hour, up to several minutes, and normal flow in our application is one Firebase action at least every 5 minutes). None of the error reports show a session duration shorter than one hour.
Note that it's not one hour idle, but rather with continuous Firebase actions every 3-5 minutes without any issues.
So, something must happen after specifically one hour, for instance the requirement of a refresh-token exchange the seems to fail. If I haven't misunderstood anything, this should be handled internally by the Firebase SDK. We are using a custom token to authenticate the session to begin with, but that happens immediately and one hour prior to the triggered errors. We do know that custom tokens has an expiration of one hour, but your docs clarify that this is unrelated in the following sentence and that the Firebase sessions should function longer (which it also always has done previously): Note: this only controls the time when the custom token itself expires. But once you sign a user in using signInWithCustomToken(), they will remain signed in into the device until their session is invalidated or the user signs out.
Steps to reproduce:
As far as we know
- On Safari 14 or 15, use Firebase Auth 9.1.3 compat.
- Sign in using custom token (unknown if that is required)
- Wait one hour and then perform an action that requires auth (in our case, it's trying to upload a file to Storage).
We had no similar problems with version 8, and we have not changed our code when transitioning to the compat build.
We are absolutely planning to migrate to the modular version of Firebase 9, but we have not been able to try that yet and we don't know if that would affect this problem.
Has any similar reports been sent, and do you immediately recognize the one hour "limit" for Safari sessions?