I have issue with my session. When I’m at jira:globalPage and I login into my account which is handled by “aws-amplify”: “^4.3.26”, and then navigate to jira:projectPage or jira:projectSettingsPage it logs me out, and the same true is when I logout while on jira:globalPage page, I’m still logged in at jira:projectPage or jira:projectSettingsPage pages. This break happened after runtime version upgrade form nodejs18.x to nodejs22.x. Here is the function that validates my auth session.
import { Auth } from 'aws-amplify'
const isValidSession = async () => {
try {
const session = await Auth.currentSession()
return session.isValid()
} catch (e) {
console.error('Can not check if session is valid: ', e)
return false
}
}
P.S. Removing snapshot:true from manifest did not fix it
FYI. Initially our app was written with Connect then we did some changes to run it on Forge, but still there are some legacy packages - not sure if this might be relevant to this problem…
What do you mean by “login to my account”, probably not the Atlassian account but a separate one?
From the code you posted, it seems that aws-amplify is using global state (Auth) to manage the session. Forge runs your application in Lambdas, and the same Lambda container might receive multiple requests from unrelated users and tenants.
You must not rely on the global state to store authentication information. Make sure that you clean up any leftover Amplify state before you process the current request.
Also consider that a product-related module like jira:projectPage will already know the current user identity, so you might not need to log in manually. What do you want to achieve by “logging in” through Amplify?
I’m using Amplify package to call AppSync and get data from my app’s storage. Yes, auth is not logging in user to Atlassian but rather to my app’s user’s account.
If not to rely on global state, then what you suggest to do instead?
If the user belongs to your app and there is no per tenant data stored there, it’s OK to keep a global variable. However, you have to check if you are logged in or not (or just log in anyway) on every request, as there might be several Lambdas executing your application at once. Logging in just on some endpoints will not be enough.
Thank you, I found the issue, it was because all modules (i.e. global page, project page) were running on the same instance in the sandbox env, an when I upgraded the version, I needed to handle that in my code, and request it again on different page, in sandbox I didn’t have a need to update the global state, when switching between different pages.