Skip to content

test(e2e): add multi-session token refresh tests#7949

Open
jacekradko wants to merge 2 commits intomainfrom
jacek/multi-session-token-refresh-test
Open

test(e2e): add multi-session token refresh tests#7949
jacekradko wants to merge 2 commits intomainfrom
jacek/multi-session-token-refresh-test

Conversation

@jacekradko
Copy link
Member

@jacekradko jacekradko commented Feb 26, 2026
edited by coderabbitai bot
Loading

Summary

  • Adds integration tests for multi-session token refresh, validating the fix from clerk_go PR #16913
  • Test 1 (fast): Verifies that FAPI getToken({ skipCache: true }) returns a JWT with the correct sid claim for each session when switching between two active sessions
  • Test 2 (slow, ~70s): Verifies that server-side middleware refresh/handshake preserves the correct active session after the __session cookie JWT expires — ensuring session1 isn't swapped to session2 just because session2 was last touched

Test plan

  • npx playwright test session-refresh-multi-session --project chrome passes against a running app with withEmailCodes env

Summary by CodeRabbit

  • Tests
    • Added integration tests for multi-session token refresh scenarios to verify session isolation and token expiry handling.

@jacekradko
test(integration): add multi-session token refresh tests
aac5250 
Add integration tests proving that in a multi-session scenario, each
session always gets its own correct token — not a token belonging to
whichever session was last active.

Test 1 (fast): Verifies FAPI token fetch returns a JWT with the correct
sid claim for each session after switching between them.

Test 2 (slow, ~70s): Verifies server-side middleware refresh/handshake
preserves the correct active session after the __session cookie JWT
expires, rather than swapping to the most recently touched session.
@vercel
Copy link

vercel bot commented Feb 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Feb 27, 2026 1:21am

Request Review

@changeset-bot
Copy link

changeset-bot bot commented Feb 26, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 56142d4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@pkg-pr-new
Copy link

pkg-pr-new bot commented Feb 26, 2026
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7949

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7949

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7949

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7949

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7949

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7949

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7949

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7949

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7949

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7949

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@7949

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7949

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7949

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7949

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7949

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7949

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7949

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7949

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7949

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7949

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7949

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7949

commit: 56142d4

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 26, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A new integration test suite for multi-session token refresh flow is added to the file integration/tests/session-refresh-multi-session.test.ts using Playwright. The suite creates two fake users, registers them, and performs end-to-end interactions across two sessions to verify distinct session IDs (SIDs) in JWT payloads, session switching, and server-side token refresh behavior. Tests are run serially to prevent parallel session interference and include UI-driven sign-in for the first session alongside programmatic sign-in for the second session, JWT token fetching and decoding validation, temporary route blocking for token refresh manipulation, and timeout handling.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check ✅ Passed The title accurately reflects the main change: adding multi-session token refresh tests to the integration test suite.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@jacekradko jacekradko changed the title test(integration): add multi-session token refresh tests test(e2e): add multi-session token refresh tests Feb 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core-3 integration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jacekradko