docs(gotrue): clarify Session.expiresAt is in seconds#1447
Merged
Conversation
The expires_at value is a Unix timestamp in seconds, consistent with supabase-js. Without the unit stated, consumers reach for DateTime.fromMillisecondsSinceEpoch without multiplying by 1000, which yields a 1970 date and makes the session always read as expired. Refs #1202
github-actions
Bot
added
the
auth
grdsdev
reviewed
Jun 22, 2026
grdsdev
approved these changes
Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Clarifies the doc comment for
Session.expiresAtto state that the value is a Unix timestamp in seconds, and shows the correct conversion toDateTime.Context
While investigating #1202 ("Session expiresAt always corrupted after hot restart"), I verified the reported symptom is not a library bug:
Session.expiresAtis derived from the access token's JWTexpclaim (unix seconds), not from the persistedexpires_atJSON value.Session.fromJsondoesn't even readexpires_at, so persistence/deserialization cannot corrupt it.isExpired, the auto-refresh tick,supabase_client.dart) correctly multiplies by 1000.1970-...date decodes to a millisecond value that is exactly a valid 2026 seconds timestamp, i.e. their own code passedexpires_at(seconds) intoDateTime.fromMillisecondsSinceEpochwithout* 1000.The real underlying problem is an ergonomics footgun: the previous doc comment didn't state the unit. This PR fixes that.
No behavior change; existing
session_test.darttests pass.Refs #1202