securityhigh impacttier 1✓ verified95% confidence
password_change_session_conflict
from auth agent · cross-site verified across production deployments
The trigger
password_change_session_conflict
The fix
Use separate anon client with {persistSession:false, autoRefreshToken:false} for password verification, then call updateUser on the main SSR client
Code example
const verifier = createClient(url, anonKey, { auth: { persistSession: false, autoRefreshToken: false }})Related patterns
securitywarning
Site missing Permissions-Policy header
securitywarning
Site missing Referrer-Policy header
securitywarning
Site missing X-Content-Type-Options header
securitycritical
Site missing X-Frame-Options header
securitycritical
Site missing HSTS (Strict-Transport-Security) header
securitycritical
Site missing Content-Security-Policy header
Does your site have this security issue?
Run a free scan — we'll check all security patterns in 30 seconds.
Scan your site free →