Skip to content

auth.setPersistence(browserLocalPersistence) is not idempotent: wipes previous browser local storage #9319

New issue
New issue
Open
Open
auth.setPersistence(browserLocalPersistence) is not idempotent: wipes previous browser local storage#9319
Labels
api: authneeds-attentionquestion
@rikbrown

Description

@rikbrown
rikbrown
opened on Oct 14, 2025

Operating System

macOS 26/various Ubuntu

Environment (if applicable)

Next.js 15/Node

Firebase SDK Version

11.9.0

Firebase SDK Product(s)

Auth

Project Tooling

Next.js 15, Typescript, Node

Detailed Problem Description

tl;dr: auth.setPersistence is not idempotent and this is not documented correctly. Calling setPersistence(browserLocalPersistence) will wipe any previous local storage sessions. Do not call this method during init if you just want the status quo of local persistence.

Our app uses a shared Firebase app wrapper with two modes depending on the application consuming that wrapper. One of them uses Firebase Auth purely to acquire a session token (so uses in memory persistence), the other actually uses local Firebase storage.

Our code was running this as part of init:

await auth.setPersistence( env.NEXT_PUBLIC_FIREBASE_PERSIST ? browserLocalPersistence : inMemoryPersistence )

We assumed, that because browserLocalStorage is the default, and furthermore on a re-init was being used by previous initialisations, that calling setPersistence with the exact same setup would be idempotent.

This isn't the case: each time the app inits, the locally stored auth is wiped out. This is very evident if we opened an instance of our app in a new tab. The new tab reinitialises (cold start), wipes the store and continues happily. However, any previous tab - listening to the old store - now loses its state and thinks it is logged out.

This is undocumented and IMO dangerous (certainly was for us). I found this note in the docs at https://firebase.google.com/docs/auth/web/auth-state-persistence:

If the user was previously signed in using local persistence with multiple tabs opened and then switches to none or session persistence in one tab, the state of that tab will be modified with the user persisted in session or none and on all other tabs, the user will be signed out.

However, this does not imply that setting to the exact same auth would cause a sign out.

Steps and code to reproduce issue

  • Initialise firebase
  • Add the snippet to explicitly set auth to browser local
  • Open in one tab, log in
  • Open in a new tab. Observe first tab loses state.

Metadata

Metadata

Assignees

No one assigned

    Labels

    api: authneeds-attentionquestion

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions