← All patterns
securityhigh impacttier 1✓ verified95% confidence

signInWithPassword verification inside server action disrupts main session cookies

from auth agent · cross-site verified across production deployments

The trigger

signInWithPassword verification inside server action disrupts main session cookies

The fix

Use separate anon client with {persistSession:false, autoRefreshToken:false} for password verification, then call updateUser on the main SSR client

Code example

const verifier = createClient(url, anonKey, { auth: { persistSession: false, autoRefreshToken: false }})

Related patterns

securitycritical

Any endpoint that trusts client-submitted prices or totals

securitycritical

pre_send_3_layer_validation

securitycritical

imap_bounce_cleanup

securitycritical

email_warmup_kademeli

securitycritical

spf_dkim_dmarc_setup

securitycritical

bounce_3_layer

Does your site have this security issue?

Run a free scan — we'll check all security patterns in 30 seconds.

Scan your site free →