Skip to content

feat: expose auth userStorage option to facilitate lower cookie sizes#1545

Merged
hf merged 2 commits into
masterfrom
hf/add-user-storage-auth-option
Sep 2, 2025
Merged

feat: expose auth userStorage option to facilitate lower cookie sizes#1545
hf merged 2 commits into
masterfrom
hf/add-user-storage-auth-option

Conversation

@hf

@hf hf commented Aug 29, 2025

Copy link
Copy Markdown
Contributor

Adds the userStorage option to facilitate the experimental split session storage capability in auth-js. It will be propagated down to the @supabase/ssr package hopefully significantly decreasing cookie sizes.

@coveralls

coveralls commented Aug 29, 2025
edited
Loading

Copy link
Copy Markdown

Pull Request Test Coverage Report for Build 17325603710

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 95.6%
Totals Coverage Status
Change from base Build 17137627596: 0.0%
Covered Lines: 144
Relevant Lines: 146
💛 - Coveralls

@hf hf mentioned this pull request Aug 29, 2025
Merged
cemalkilic
cemalkilic approved these changes Aug 29, 2025
View reviewed changes
Comment thread src/lib/types.ts Outdated
@hf @cemalkilic
add suggestion by @cemalkilic
b5a67cb 
Co-authored-by: Cemal Kılıç <cemalkilic@users.noreply.github.com>
@hf hf merged commit 4ae856c into master Sep 2, 2025
14 checks passed
@hf hf deleted the hf/add-user-storage-auth-option branch September 2, 2025 13:24
hf added a commit to supabase/ssr that referenced this pull request Sep 16, 2025
@hf
feat: adds cookies.encode option allowing minimal cookie sizes (#126)
cf38b22 
Adds an experimental option `encode` on the `cookies` object when using
`createBrowserClient()` and `createServerClient()`.

If this is set to `tokens-only` then only the user's access token and
refresh token will be encoded in the cookies, causing significant cookie
size savings, often greater than 50%. It utilizes [split session storage
in `auth-js`](supabase/supabase-js#1545), with
some trade-offs such as the inability to access the `user` property on
the `supabase.auth.getSession()` object in the server. This wasn't
supposed to be done anyway, and `getClaims()` is a secure alternative
for it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cemalkilic cemalkilic cemalkilic approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hf @coveralls @cemalkilic