Describe the bug
When calling refreshSession from within a protected middleware route, refreshSession throws an error: Refresh token already exchanged..
My use case is that the route handles the billing session checkout from Stripe, and to get the Stripe entitlements, I need to refresh the session.
I have some hacky ways to get around, but aren't best practice: either force the user to sign in; or a compnoent to check wether it needs refreshing.
To Reproduce
/src/middleware.ts
export default authkitMiddleware({
middlewareAuth: {
enabled: true,
unauthenticatedPaths: ["/"],
},
});/src/app/billing/route.ts
export const GET = async (req: NextRequest) => {
await refreshSession();
});Expected behavior
refreshSession doesn't throw an error
Desktop (please complete the following information):
- OS: macOS
- Browser chromium
- authkit-nextjs version 2.3.3
- Next.js version 15.3.2
Additional context
I found that the function updateSessionMiddleware is calling the cookies before my refresh.
Because the getSessionFromCookie function retrieves from the request cookies, the request cookies are stale.
Describe the bug
When calling
refreshSessionfrom within a protected middleware route, refreshSession throws an error:Refresh token already exchanged..My use case is that the route handles the billing session checkout from Stripe, and to get the Stripe entitlements, I need to refresh the session.
I have some hacky ways to get around, but aren't best practice: either force the user to sign in; or a compnoent to check wether it needs refreshing.
To Reproduce
/src/middleware.ts/src/app/billing/route.tsExpected behavior
refreshSession doesn't throw an error
Desktop (please complete the following information):
Additional context
I found that the function
updateSessionMiddlewareis calling the cookies before my refresh.Because the
getSessionFromCookiefunction retrieves from the request cookies, the request cookies are stale.