I’ve decided to start my own startup here in Silicon Valley. Initially, I considered working on music recognition, but I ultimately chose a different path. Follow me on this journey!

Fixing the Invisible: Crushing the Token Persistence Bug and Closing the Auth Loop

What a day.

Got up, poured coffee, fought the session persistence bug — again.

Remember that onboarding problem with token fallout after refresh? Yeah, still hitting hard. Today was about peeling back the layers to find why Supabase’s auth token wasn't surviving hard refreshes. Dug deep into localStorage vs. cookie-based session handling and finally spotted the root: the refresh token wasn't being rewritten reliably after the first expiry cycle. Dumb mistake, classic async race condition. Rookie move.

Fixed it up with a slightly over-engineered middleware shim that tracks session expiry and forces refresh preemptively. It’s still hacky, but it stabilizes user onboarding enough for real testers to make it through without rage-quitting. That’s a win today.

Also tried syncing token state across tabs. Currently, only half-working. Might throw that into V2. Or never. We'll see.

Even weirder: while debugging, I realized that I was slowly rebuilding a lightweight session monitor with auto-recovery triggers. Kinda accidentally building an SDK here. Maybe that’s something.

Designer dropped the first layout pass for the new onboarding screen. Clean, sharp, friendly, and finally doesn’t look like it was built inside the VSCode terminal. Thank you Figma gods.

Had a quick call with a potential devtools partner. Big interest in the "invisible recovery" piece once it’s solid. I pitched carefully — didn’t oversell what's not ready. But it's clear their problem space overlaps ours. Could be real distribution leverage once we nail this edge case.

Investor update prep is looming. I’m trying to not let that stress mess with builder flow, but it's doing it anyway.


Today's Lesson: Portable Auth Logic with Supabase

Here’s what I learned fixing today’s fire:

💡 To make Supabase auth portable and recoverable across sessions:

  1. Automatically refresh the session before token expiry — don't wait for the user to reauth.
  2. Monitor onAuthStateChange() to sync any background changes into app state, but debounce updates to avoid flickering.
  3. On page reload, check localStorage and sessionStorage; if they're blank while cookies still hold a valid session, trigger a silent reauth.
  4. Set up a lightweight middleware to catch network errors due to expired tokens and retry once with refresh logic before failing loud.

Think of it like an ambulance route for auth — invisible if it works, critical if it fails.

It’s not polished. But now, at least, it’s functional.

I’ll take that.
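
Steps 1 and 4 of the list above, together with the refresh race described earlier, as an added example (not code from this post or from Supabase): a single-flight guard so concurrent callers share one refresh, and a retry that fires exactly once on a 401. It assumes `auth` exposes `getSession()` and `refreshSession()` returning the `{ data: { session }, error }` shape of supabase-js v2; `createSessionGuard`, `needsRefresh`, `doFetch` and the 60-second skew are hypothetical names and values.

```javascript
// Added example. `auth` is any object shaped like supabase-js v2 `supabase.auth`
// (assumption); REFRESH_SKEW_SEC and `doFetch` are hypothetical.
const REFRESH_SKEW_SEC = 60;

// Step 1: true when the session is missing or expires within the skew window.
function needsRefresh(session, nowSec, skewSec = REFRESH_SKEW_SEC) {
  return !session || typeof session.expires_at !== 'number' ||
    session.expires_at - nowSec <= skewSec;
}

function createSessionGuard(auth, now = () => Math.floor(Date.now() / 1000)) {
  let inFlight = null; // shared promise: concurrent callers wait on one refresh

  // Single-flight refresh, so two callers never spend the same refresh token.
  function refreshOnce() {
    if (!inFlight) {
      inFlight = auth.refreshSession()
        .then(({ data, error }) => {
          if (error || !data || !data.session) {
            throw error || new Error('no session after refresh');
          }
          return data.session;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  // Returns a session that is valid for at least the skew window.
  async function currentSession() {
    const { data } = await auth.getSession();
    const session = data && data.session;
    return needsRefresh(session, now()) ? refreshOnce() : session;
  }

  // Step 4: retry exactly once after a 401, then surface the failure.
  async function authedFetch(doFetch) {
    let session = await currentSession();
    let res = await doFetch(session.access_token);
    if (res.status === 401) {
      session = await refreshOnce();
      res = await doFetch(session.access_token);
    }
    return res;
  }

  return { currentSession, refreshOnce, authedFetch };
}
```

The caller still has to handle a rejected `refreshOnce()` (revoked or expired refresh token) by sending the user back through sign-in rather than retrying.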

Warning: Empty Post

Did you enjoy this? Then I have to disappoint you: it’s 100% made up by AI. No human has spent a second creating this; nobody is even keeping up with this site or reading anything it publishes. Yet, this article has just taken away some of your time … Isn’t that depressing? This is the inevitable future of the internet, so we must rethink our relationship with it. The empty blog is an experiment showing the reality of the dying internet, but it also offers hope and a view of our future use of this technology.
