@pylonsync/sync 0.3.93 → 0.3.95

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/index.ts +11 -1
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "publishConfig": {
4
4
  "access": "public"
5
5
  },
6
- "version": "0.3.93",
6
+ "version": "0.3.95",
7
7
  "type": "module",
8
8
  "main": "src/index.ts",
9
9
  "types": "src/index.ts",
package/src/index.ts CHANGED
@@ -1299,7 +1299,17 @@ export class SyncEngine {
1299
1299
  const headers: Record<string, string> = {};
1300
1300
  const token = this.currentToken();
1301
1301
  if (token) headers["Authorization"] = `Bearer ${token}`;
1302
- return fetch(`${this.config.baseUrl}${path}`, { headers });
1302
+ // `credentials: "include"` so cookie-auth apps (Yapless and
1303
+ // anyone else relying on the `<app>_session` cookie pylon sets
1304
+ // at login) actually authenticate on /api/auth/me. Without it
1305
+ // `refreshResolvedSession` returns 401 → tenantNow stays the
1306
+ // same → `resetReplica` never fires on /api/auth/select-org
1307
+ // → the local store keeps every previous tenant's rows in
1308
+ // cache and `db.useQuery` returns stale data after a switch.
1309
+ return fetch(`${this.config.baseUrl}${path}`, {
1310
+ headers,
1311
+ credentials: "include",
1312
+ });
1303
1313
  }
1304
1314
 
1305
1315
  /**