Skip to content

feat(persistence): refresh from storage before declaring an idle session#3690

Draft
pauldambra wants to merge 5 commits into
posthog-code/persist-save-debouncefrom
posthog-code/cross-tab-session-idle-refresh
Draft

feat(persistence): refresh from storage before declaring an idle session#3690
pauldambra wants to merge 5 commits into
posthog-code/persist-save-debouncefrom
posthog-code/cross-tab-session-idle-refresh

Conversation

@pauldambra
Copy link
Copy Markdown
Member

@pauldambra pauldambra commented May 28, 2026
edited
Loading

Problem

Each tab in PostHog runs its own SessionIdManager with its own idle timer. When the timer fires (or the next checkAndGetSessionAndWindowId call runs the idle check), it reads from _persistence.props[SESSION_ID] — but PostHogPersistence does not listen for storage events, so that cache only ever reflects what THIS tab has loaded or written. Sibling tabs' writes are invisible.

The consequence: a user with three tabs open, active in one and idle in the other two, gets their session rotated by the idle tabs after session_idle_timeout_seconds — splitting one continuous session into multiple session IDs in the analytics data.

Changes

Add _isSessionIdleAfterCrossTabRefresh(timestamp) which calls _persistence.load() before consulting _freshestActivityTimestamp. Wire it into both:

  • the rotation path in checkAndGetSessionAndWindowId (only on the rotation branch, to avoid the cost on every event capture)
  • the idle timer callback in _resetIdleTimer

When the timer fires and the refresh shows the session is still alive (because a sibling kept it active), re-arm the timer so the next check happens after another timeout window.

Tests

  • jest unit tests pin both directions (no rotate when sibling is active; rotate when storage agrees)
  • Playwright tests run two real tabs in the same context and check the behaviour against real localStorage and real PostHogPersistence.load() — they pass with the fix, and stashing the fix produces a fail on the cross-tab test

Release info

Libraries affected

  • posthog-js (web)

Checklist

  • Tests for new code
  • Accounted for the impact of any changes across different platforms
  • Accounted for backwards compatibility of any changes (no breaking changes!)
  • Took care not to unnecessarily increase the bundle size

@vercel
Copy link
Copy Markdown

vercel Bot commented May 28, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
posthog-example-next-app-router Error Error May 30, 2026 11:21am
posthog-js Error Error May 30, 2026 11:21am
posthog-nextjs-config Error Error May 30, 2026 11:21am

Request Review

@pauldambra Graphite App
Copy link
Copy Markdown
Member Author

pauldambra commented May 28, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 28, 2026
edited
Loading

📝 No Changeset Found

This PR doesn't include a changeset. A changeset is required to release a new version.

How to add a changeset

Run this command and follow the prompts:

pnpm changeset

Remember: Never use major version bumps for posthog-js as it's autoloaded by clients.

This was referenced May 28, 2026
Open
Open
Open
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 28, 2026
edited
Loading

⚠️ `posthog-js` is modified but this PR has no changeset

This is informational — the PR is not blocked. Click the triangle above to collapse, or push a fix and this comment will auto-delete.

Modified in this PR but no changeset added:

  • posthog-js

If this change should ship, run pnpm changeset and select a bump level.
If it isn't user-facing (refactor with no behavior change, internal tooling, generated files), no action needed.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 28, 2026
edited
Loading

Download bundle size visualization

pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/sessionid.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/sessionid.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/sessionid.ts Outdated
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/__tests__/sessionid.test.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/sessionid.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/playwright/mocked/cross-tab-session.spec.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/playwright/mocked/cross-tab-session.spec.ts Outdated
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/playwright/mocked/cross-tab-session.spec.ts Outdated
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/sessionid.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/src/sessionid.ts
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/playwright/mocked/cross-tab-session.spec.ts Outdated
pauldambra
pauldambra commented May 28, 2026
View reviewed changes
Comment thread packages/browser/playwright/mocked/cross-tab-session.spec.ts Outdated
@pauldambra
Copy link
Copy Markdown
Member Author

pauldambra commented May 28, 2026

Note

🤖 Automated comment by QA Swarm — not written by a human

Multi-perspective review: qa-team (specialists + generalists), paul-reviewer, xp-reviewer, security-audit

The reviewer was briefed that session-rotation changes are load-bearing for downstream analytics — once a session is incorrectly rotated, the data is unrecoverable. Findings calibrated accordingly: if a reviewer felt uneasy about something subtle, they were asked to surface it rather than drop it.

Verdict: ⚠️ REQUEST CHANGES

Three convergent HIGH findings — two correctness bugs that match the failure mode this PR is targeting (silent session corruption), and a latent data-loss path when combined with the new persistence_save_debounce_ms dated default landing in the same stack. The fix's shape is right, but the implementation has unfinished symmetry with the existing _flushPendingActivityTimestamp guard and the re-arm wiring has a destroy() race.

Key findings

🟠 HIGH — Convergent (xp + security-audit): sessionid.ts:353 writes back the pre-load sessionId after _persistence.load() — can clobber a sibling tab's rotation. Same shape as the bug the _flushPendingActivityTimestamp recheck guards against; the same guard is missing here.

🟠 HIGH — Convergent (xp + paul + qa-team): sessionid.ts:401 re-arm logic — destroy() race (timer outlives the manager), no observability (silent infinite re-arm), and the pre-existing fact that resetSessionId() does not clear _enforceIdleTimeout becomes more dangerous.

🟠 HIGH — qa-team/data-integrity: sessionid.ts:245 _persistence.load() overwrites in-memory props wholesale. Now fires on the live event-capture hot path. When combined with the persistence_save_debounce_ms: 250 dated default landing in #3688, debounced writes get silently wiped.

🟡 MEDIUM — Convergent (xp + qa-team + paul): New unit tests are weaker than they look — load: jest.fn() is a no-op, and props are mutated by the test itself. The tests would still pass if the fix were removed. Only the first new test pins behaviour; the second is decoration. No fake-timer-based re-arm test.

🟡 MEDIUM — qa-team/data-integrity: Throttle edge case persists — sibling tab's in-memory activity within the 5s throttle window is invisible to idle-tab refresh.

🟡 MEDIUM — qa-team/frontend: Asymmetric clock.install() in Playwright test — flake risk on slow CI.

Convergence

Concern Reviewers File:line
Pre-load sessionId clobbers sibling rotation xp + security-audit sessionid.ts:353
Re-arm wiring (race + observability + external-rotation timer leak) xp + paul + qa-team sessionid.ts:401
Unit tests don't actually exercise load() semantic / re-arm path xp + qa-team + paul sessionid.test.ts:576

Pre-existing issues this PR surfaces more strongly

  • Math.abs in _sessionHasBeenIdleTooLong — clock-skew defence currently turns "future activity" into "long-ago activity" and falsely declares idle. Now reached more often via the new code path.
  • _persistence.load() cost on idle hot path — extra localStorage.getItem + JSON.parse of the full persistence blob when activityTimeout fires. Gated correctly behind the rare idle condition.
  • Two-tab race on rotation — when this tab rotates, sibling reading storage between rotation and next event capture can independently generate a new session. Pre-existing, not introduced here.

Reviewer summaries

Reviewer Assessment
🔍 qa-team Right shape, two leaky abstractions: load() clobbers in-memory pending writes when debounce is enabled, and unit tests model the simulated semantic via direct props mutation rather than the actual load() call.
👤 paul Right fix for a scary bug, but the new indefinite re-arm loop has no unit coverage and no observability — very Knight Capital-y to silently setTimeout forever.
📐 xp Fix expresses the right idea OnceAndOnlyOnce, but the symmetry with _flushPendingActivityTimestamp is unfinished (clobber risk) and the re-arm races with destroy().
🛡 security-audit No exploitable security findings — the trust boundary for cross-tab localStorage is unchanged. Notes the same correctness concern as xp (post-refresh sessionId clobber) but doesn't file as security.

Automated by QA Swarm — not a human review

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 28, 2026
edited
Loading

Size Change: +2.89 kB (+0.02%)

Total Size: 16.4 MB

Filename Size Change
packages/browser/dist/array.full.es5.js 350 kB +336 B (+0.1%)
packages/browser/dist/array.full.js 431 kB +141 B (+0.03%)
packages/browser/dist/array.full.no-********.js 506 kB +313 B (+0.06%)
packages/browser/dist/array.js 193 kB +141 B (+0.07%)
packages/browser/dist/array.no-********.js 212 kB +313 B (+0.15%)
packages/browser/dist/default-extensions.js 191 kB +141 B (+0.07%)
packages/browser/dist/main.js 198 kB +141 B (+0.07%)
packages/browser/dist/module.full.js 434 kB +141 B (+0.03%)
packages/browser/dist/module.full.no-********.js 509 kB +313 B (+0.06%)
packages/browser/dist/module.js 197 kB +141 B (+0.07%)
packages/browser/dist/module.no-********.js 216 kB +313 B (+0.15%)
packages/browser/dist/module.slim.js 104 kB +141 B (+0.14%)
packages/browser/dist/module.slim.no-********.js 110 kB +313 B (+0.29%)
ℹ️ View Unchanged
Filename Size Change
packages/ai/dist/anthropic/index.cjs 26 kB 0 B
packages/ai/dist/anthropic/index.mjs 25.6 kB 0 B
packages/ai/dist/gemini/index.cjs 34.4 kB 0 B
packages/ai/dist/gemini/index.mjs 34.2 kB 0 B
packages/ai/dist/index.cjs 171 kB 0 B
packages/ai/dist/index.mjs 170 kB 0 B
packages/ai/dist/langchain/index.cjs 47.9 kB 0 B
packages/ai/dist/langchain/index.mjs 47.3 kB 0 B
packages/ai/dist/openai-agents/index.cjs 25.5 kB 0 B
packages/ai/dist/openai-agents/index.mjs 25.4 kB 0 B
packages/ai/dist/openai/index.cjs 50.7 kB 0 B
packages/ai/dist/openai/index.mjs 50.3 kB 0 B
packages/ai/dist/otel/index.cjs 5.68 kB 0 B
packages/ai/dist/otel/index.mjs 5.57 kB 0 B
packages/ai/dist/vercel/index.cjs 44.5 kB 0 B
packages/ai/dist/vercel/index.mjs 44.5 kB 0 B
packages/browser/dist/all-external-dependencies.js 261 kB 0 B
packages/browser/dist/conversations.js 67.3 kB 0 B
packages/browser/dist/crisp-chat-integration.js 1.97 kB 0 B
packages/browser/dist/customizations.full.js 18 kB 0 B
packages/browser/dist/dead-clicks-autocapture.js 14.3 kB 0 B
packages/browser/dist/element-inference.js 5.69 kB 0 B
packages/browser/dist/exception-autocapture.js 11.8 kB 0 B
packages/browser/dist/extension-bundles.js 106 kB 0 B
packages/browser/dist/external-scripts-loader.js 3.13 kB 0 B
packages/browser/dist/intercom-integration.js 2.03 kB 0 B
packages/browser/dist/lazy-********.js 151 kB 0 B
packages/browser/dist/logs.js 40.6 kB 0 B
packages/browser/dist/posthog-********.js 151 kB 0 B
packages/browser/dist/product-tours-preview.js 76.4 kB 0 B
packages/browser/dist/product-tours.js 115 kB 0 B
packages/browser/dist/recorder-v2.js 99 kB 0 B
packages/browser/dist/recorder.js 99 kB 0 B
packages/browser/dist/rrweb-plugin-console-record.js 6.67 kB 0 B
packages/browser/dist/rrweb-types.js 2.28 kB 0 B
packages/browser/dist/rrweb.js 280 kB 0 B
packages/browser/dist/surveys-preview.js 76.3 kB 0 B
packages/browser/dist/surveys.js 94.7 kB 0 B
packages/browser/dist/tracing-headers.js 1.84 kB 0 B
packages/browser/dist/web-vitals-with-attribution.js 11.8 kB 0 B
packages/browser/dist/web-vitals.js 6.39 kB 0 B
packages/browser/react/dist/esm/index.js 21.2 kB 0 B
packages/browser/react/dist/esm/slim/index.js 17.6 kB 0 B
packages/browser/react/dist/esm/surveys/index.js 4.68 kB 0 B
packages/browser/react/dist/umd/index.js 24.4 kB 0 B
packages/browser/react/dist/umd/slim/index.js 20.4 kB 0 B
packages/browser/react/dist/umd/surveys/index.js 5.45 kB 0 B
packages/convex/dist/client/feature-flags/crypto.js 461 B 0 B
packages/convex/dist/client/feature-flags/evaluator.js 16.5 kB 0 B
packages/convex/dist/client/feature-flags/index.js 196 B 0 B
packages/convex/dist/client/feature-flags/match-********.js 14.8 kB 0 B
packages/convex/dist/client/feature-flags/types.js 44 B 0 B
packages/convex/dist/client/index.js 14.7 kB 0 B
packages/convex/dist/component/_generated/api.js 712 B 0 B
packages/convex/dist/component/_generated/component.js 212 B 0 B
packages/convex/dist/component/_generated/dataModel.js 230 B 0 B
packages/convex/dist/component/_generated/server.js 3.74 kB 0 B
packages/convex/dist/component/convex.config.js 1.11 kB 0 B
packages/convex/dist/component/crons.js 2.26 kB 0 B
packages/convex/dist/component/lib.js 22 kB 0 B
packages/convex/dist/component/schema.js 694 B 0 B
packages/convex/dist/component/version.js 67 B 0 B
packages/core/dist/cookie.js 5.34 kB 0 B
packages/core/dist/cookie.mjs 3.12 kB 0 B
packages/core/dist/error-tracking/chunk-ids.js 2.54 kB 0 B
packages/core/dist/error-tracking/chunk-ids.mjs 1.31 kB 0 B
packages/core/dist/error-tracking/coercers/dom-exception-coercer.js 2.3 kB 0 B
packages/core/dist/error-tracking/coercers/dom-exception-coercer.mjs 993 B 0 B
packages/core/dist/error-tracking/coercers/error-coercer.js 2.02 kB 0 B
packages/core/dist/error-tracking/coercers/error-coercer.mjs 794 B 0 B
packages/core/dist/error-tracking/coercers/error-event-coercer.js 1.76 kB 0 B
packages/core/dist/error-tracking/coercers/error-event-coercer.mjs 513 B 0 B
packages/core/dist/error-tracking/coercers/event-coercer.js 1.82 kB 0 B
packages/core/dist/error-tracking/coercers/event-coercer.mjs 548 B 0 B
packages/core/dist/error-tracking/coercers/index.js 6.79 kB 0 B
packages/core/dist/error-tracking/coercers/index.mjs 326 B 0 B
packages/core/dist/error-tracking/coercers/object-coercer.js 3.46 kB 0 B
packages/core/dist/error-tracking/coercers/object-coercer.mjs 2.07 kB 0 B
packages/core/dist/error-tracking/coercers/primitive-coercer.js 1.67 kB 0 B
packages/core/dist/error-tracking/coercers/primitive-coercer.mjs 419 B 0 B
packages/core/dist/error-tracking/coercers/promise-rejection-event.js 2.59 kB 0 B
packages/core/dist/error-tracking/coercers/promise-rejection-event.mjs 1.25 kB 0 B
packages/core/dist/error-tracking/coercers/string-coercer.js 2.01 kB 0 B
packages/core/dist/error-tracking/coercers/string-coercer.mjs 820 B 0 B
packages/core/dist/error-tracking/coercers/utils.js 2.06 kB 0 B
packages/core/dist/error-tracking/coercers/utils.mjs 716 B 0 B
packages/core/dist/error-tracking/error-properties-builder.js 5.56 kB 0 B
packages/core/dist/error-tracking/error-properties-builder.mjs 4.23 kB 0 B
packages/core/dist/error-tracking/exception-steps.js 6.87 kB 0 B
packages/core/dist/error-tracking/exception-steps.mjs 4.71 kB 0 B
packages/core/dist/error-tracking/index.js 4.74 kB 0 B
packages/core/dist/error-tracking/index.mjs 191 B 0 B
packages/core/dist/error-tracking/parsers/base.js 1.83 kB 0 B
packages/core/dist/error-tracking/parsers/base.mjs 464 B 0 B
packages/core/dist/error-tracking/parsers/chrome.js 2.73 kB 0 B
packages/core/dist/error-tracking/parsers/chrome.mjs 1.32 kB 0 B
packages/core/dist/error-tracking/parsers/gecko.js 2.47 kB 0 B
packages/core/dist/error-tracking/parsers/gecko.mjs 1.13 kB 0 B
packages/core/dist/error-tracking/parsers/index.js 4.75 kB 0 B
packages/core/dist/error-tracking/parsers/index.mjs 2.1 kB 0 B
packages/core/dist/error-tracking/parsers/node.js 3.94 kB 0 B
packages/core/dist/error-tracking/parsers/node.mjs 2.68 kB 0 B
packages/core/dist/error-tracking/parsers/opera.js 2.26 kB 0 B
packages/core/dist/error-tracking/parsers/opera.mjs 746 B 0 B
packages/core/dist/error-tracking/parsers/safari.js 1.88 kB 0 B
packages/core/dist/error-tracking/parsers/safari.mjs 574 B 0 B
packages/core/dist/error-tracking/parsers/winjs.js 1.72 kB 0 B
packages/core/dist/error-tracking/parsers/winjs.mjs 426 B 0 B
packages/core/dist/error-tracking/types.js 1.33 kB 0 B
packages/core/dist/error-tracking/types.mjs 131 B 0 B
packages/core/dist/error-tracking/utils.js 1.8 kB 0 B
packages/core/dist/error-tracking/utils.mjs 604 B 0 B
packages/core/dist/eventemitter.js 1.78 kB 0 B
packages/core/dist/eventemitter.mjs 571 B 0 B
packages/core/dist/featureFlagUtils.js 6.8 kB 0 B
packages/core/dist/featureFlagUtils.mjs 4.32 kB 0 B
packages/core/dist/gzip.js 5.72 kB 0 B
packages/core/dist/gzip.mjs 3.84 kB 0 B
packages/core/dist/index.js 13.6 kB 0 B
packages/core/dist/index.mjs 1.31 kB 0 B
packages/core/dist/logs/index.js 9.47 kB 0 B
packages/core/dist/logs/index.mjs 7.87 kB 0 B
packages/core/dist/logs/logs-utils.js 5.96 kB 0 B
packages/core/dist/logs/logs-utils.mjs 3.99 kB 0 B
packages/core/dist/logs/types.js 603 B 0 B
packages/core/dist/logs/types.mjs 0 B 0 B 🆕
packages/core/dist/posthog-core-stateless.js 33.8 kB 0 B
packages/core/dist/posthog-core-stateless.mjs 31.1 kB 0 B
packages/core/dist/posthog-core.js 42 kB 0 B
packages/core/dist/posthog-core.mjs 37 kB 0 B
packages/core/dist/surveys/events.js 4.21 kB 0 B
packages/core/dist/surveys/events.mjs 1.99 kB 0 B
packages/core/dist/surveys/index.js 4.57 kB 0 B
packages/core/dist/surveys/index.mjs 894 B 0 B
packages/core/dist/surveys/translations.js 9.4 kB 0 B
packages/core/dist/surveys/translations.mjs 7.03 kB 0 B
packages/core/dist/surveys/validation.js 3.06 kB 0 B
packages/core/dist/surveys/validation.mjs 1.51 kB 0 B
packages/core/dist/testing/index.js 2.93 kB 0 B
packages/core/dist/testing/index.mjs 79 B 0 B
packages/core/dist/testing/PostHogCoreTestClient.js 3.15 kB 0 B
packages/core/dist/testing/PostHogCoreTestClient.mjs 1.74 kB 0 B
packages/core/dist/testing/test-utils.js 2.83 kB 0 B
packages/core/dist/testing/test-utils.mjs 1.15 kB 0 B
packages/core/dist/tracing-headers.js 3.38 kB 0 B
packages/core/dist/tracing-headers.mjs 2.08 kB 0 B
packages/core/dist/types.js 9.62 kB 0 B
packages/core/dist/types.mjs 7.07 kB 0 B
packages/core/dist/utils/bot-detection.js 3.28 kB 0 B
packages/core/dist/utils/bot-detection.mjs 1.95 kB 0 B
packages/core/dist/utils/bucketed-rate-limiter.js 3 kB 0 B
packages/core/dist/utils/bucketed-rate-limiter.mjs 1.62 kB 0 B
packages/core/dist/utils/index.js 11.9 kB 0 B
packages/core/dist/utils/index.mjs 1.98 kB 0 B
packages/core/dist/utils/logger.js 2.58 kB 0 B
packages/core/dist/utils/logger.mjs 1.29 kB 0 B
packages/core/dist/utils/number-utils.js 3.32 kB 0 B
packages/core/dist/utils/number-utils.mjs 1.68 kB 0 B
packages/core/dist/utils/promise-queue.js 2 kB 0 B
packages/core/dist/utils/promise-queue.mjs 768 B 0 B
packages/core/dist/utils/string-utils.js 2.73 kB 0 B
packages/core/dist/utils/string-utils.mjs 1.09 kB 0 B
packages/core/dist/utils/type-utils.js 7.04 kB 0 B
packages/core/dist/utils/type-utils.mjs 3.11 kB 0 B
packages/core/dist/utils/user-agent-utils.js 15.5 kB 0 B
packages/core/dist/utils/user-agent-utils.mjs 12.4 kB 0 B
packages/core/dist/vendor/uuidv7.js 8.29 kB 0 B
packages/core/dist/vendor/uuidv7.mjs 6.72 kB 0 B
packages/next/dist/app/PostHogProvider.js 3.33 kB 0 B
packages/next/dist/client/ClientPostHogProvider.js 1.76 kB 0 B
packages/next/dist/client/hooks.js 172 B 0 B
packages/next/dist/client/PostHogPageView.js 1.76 kB 0 B
packages/next/dist/index.client.js 401 B 0 B
packages/next/dist/index.edge.js 447 B 0 B
packages/next/dist/index.js 444 B 0 B
packages/next/dist/index.react-server.js 420 B 0 B
packages/next/dist/middleware/postHogMiddleware.js 3.7 kB 0 B
packages/next/dist/pages.client.js 502 B 0 B
packages/next/dist/pages.edge.js 570 B 0 B
packages/next/dist/pages.js 414 B 0 B
packages/next/dist/pages/getServerSidePostHog.js 1.99 kB 0 B
packages/next/dist/pages/PostHogPageView.js 1.32 kB 0 B
packages/next/dist/pages/PostHogProvider.js 1.61 kB 0 B
packages/next/dist/server/getPostHog.js 2.79 kB 0 B
packages/next/dist/server/nodeClientCache.js 1.31 kB 0 B
packages/next/dist/shared/browser.js 195 B 0 B
packages/next/dist/shared/config.js 2.08 kB 0 B
packages/next/dist/shared/constants.js 201 B 0 B
packages/next/dist/shared/cookie.js 540 B 0 B
packages/next/dist/shared/identity.js 264 B 0 B
packages/next/dist/shared/tracing-headers.js 2.18 kB 0 B
packages/nextjs-config/dist/config.js 5.82 kB 0 B
packages/nextjs-config/dist/config.mjs 4.34 kB 0 B
packages/nextjs-config/dist/index.js 2.24 kB 0 B
packages/nextjs-config/dist/index.mjs 30 B 0 B
packages/nextjs-config/dist/utils.js 2.94 kB 0 B
packages/nextjs-config/dist/utils.mjs 826 B 0 B
packages/node/dist/client.js 45.5 kB 0 B
packages/node/dist/client.mjs 43.2 kB 0 B
packages/node/dist/entrypoints/index.edge.js 4.25 kB 0 B
packages/node/dist/entrypoints/index.edge.mjs 723 B 0 B
packages/node/dist/entrypoints/index.node.js 6.04 kB 0 B
packages/node/dist/entrypoints/index.node.mjs 1.22 kB 0 B
packages/node/dist/entrypoints/nestjs.js 2.31 kB 0 B
packages/node/dist/entrypoints/nestjs.mjs 42 B 0 B
packages/node/dist/experimental.js 870 B 0 B
packages/node/dist/experimental.mjs 267 B 0 B
packages/node/dist/exports.js 6.75 kB 0 B
packages/node/dist/exports.mjs 582 B 0 B
packages/node/dist/extensions/context/context.js 2.13 kB 0 B
packages/node/dist/extensions/context/context.mjs 863 B 0 B
packages/node/dist/extensions/context/types.js 603 B 0 B
packages/node/dist/extensions/context/types.mjs 0 B 0 B 🆕
packages/node/dist/extensions/error-tracking/autocapture.js 2.66 kB 0 B
packages/node/dist/extensions/error-tracking/autocapture.mjs 1.24 kB 0 B
packages/node/dist/extensions/error-tracking/index.js 4.14 kB 0 B
packages/node/dist/extensions/error-tracking/index.mjs 2.87 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/context-lines.node.js 8.81 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/context-lines.node.mjs 7.15 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/module.node.js 2.78 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/module.node.mjs 1.45 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/relative-path.node.js 1.97 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/relative-path.node.mjs 624 B 0 B
packages/node/dist/extensions/express.js 4.56 kB 0 B
packages/node/dist/extensions/express.mjs 2.45 kB 0 B
packages/node/dist/extensions/feature-flags/cache.js 603 B 0 B
packages/node/dist/extensions/feature-flags/cache.mjs 0 B 0 B 🆕
packages/node/dist/extensions/feature-flags/crypto.js 1.57 kB 0 B
packages/node/dist/extensions/feature-flags/crypto.mjs 395 B 0 B
packages/node/dist/extensions/feature-flags/feature-flags.js 40.6 kB 0 B
packages/node/dist/extensions/feature-flags/feature-flags.mjs 38.5 kB 0 B
packages/node/dist/extensions/nestjs.js 5 kB 0 B
packages/node/dist/extensions/nestjs.mjs 2.9 kB 0 B
packages/node/dist/extensions/sentry-integration.js 4.66 kB 0 B
packages/node/dist/extensions/sentry-integration.mjs 3.17 kB 0 B
packages/node/dist/extensions/tracing-headers.js 3.31 kB 0 B
packages/node/dist/extensions/tracing-headers.mjs 1.53 kB 0 B
packages/node/dist/feature-flag-evaluations.js 5.97 kB 0 B
packages/node/dist/feature-flag-evaluations.mjs 4.63 kB 0 B
packages/node/dist/storage-memory.js 1.52 kB 0 B
packages/node/dist/storage-memory.mjs 297 B 0 B
packages/node/dist/types.js 1.43 kB 0 B
packages/node/dist/types.mjs 224 B 0 B
packages/node/dist/version.js 1.21 kB 0 B
packages/node/dist/version.mjs 46 B 0 B
packages/nuxt/dist/module.mjs 5.29 kB 0 B
packages/nuxt/dist/runtime/composables/useFeatureFlagEnabled.js 566 B 0 B
packages/nuxt/dist/runtime/composables/useFeatureFlagPayload.js 690 B 0 B
packages/nuxt/dist/runtime/composables/useFeatureFlagVariantKey.js 591 B 0 B
packages/nuxt/dist/runtime/composables/usePostHog.js 128 B 0 B
packages/nuxt/dist/runtime/nitro-plugin.js 1.08 kB 0 B
packages/nuxt/dist/runtime/vue-plugin.js 1.14 kB 0 B
packages/plugin-utils/dist/cli.js 3.14 kB 0 B
packages/plugin-utils/dist/cli.mjs 1.64 kB 0 B
packages/plugin-utils/dist/config.js 3.07 kB 0 B
packages/plugin-utils/dist/config.mjs 1.83 kB 0 B
packages/plugin-utils/dist/index.js 4.3 kB 0 B
packages/plugin-utils/dist/index.mjs 217 B 0 B
packages/plugin-utils/dist/spawn-local.js 2.17 kB 0 B
packages/plugin-utils/dist/spawn-local.mjs 918 B 0 B
packages/plugin-utils/dist/utils.js 3.27 kB 0 B
packages/plugin-utils/dist/utils.mjs 1.3 kB 0 B
packages/react-native/dist/autocapture.js 5.05 kB 0 B
packages/react-native/dist/error-tracking/index.js 7.36 kB 0 B
packages/react-native/dist/error-tracking/utils.js 2.58 kB 0 B
packages/react-native/dist/frameworks/wix-navigation.js 1.3 kB 0 B
packages/react-native/dist/hooks/useFeatureFlag.js 1.7 kB 0 B
packages/react-native/dist/hooks/useFeatureFlagResult.js 963 B 0 B
packages/react-native/dist/hooks/useFeatureFlags.js 921 B 0 B
packages/react-native/dist/hooks/useNavigationTracker.js 2.45 kB 0 B
packages/react-native/dist/hooks/usePostHog.js 544 B 0 B
packages/react-native/dist/hooks/utils.js 988 B 0 B
packages/react-native/dist/index.js 4.33 kB 0 B
packages/react-native/dist/logs-********.js 3.32 kB 0 B
packages/react-native/dist/native-deps.js 8.77 kB 0 B
packages/react-native/dist/optional/OptionalAsyncStorage.js 299 B 0 B
packages/react-native/dist/optional/OptionalExpoApplication.js 377 B 0 B
packages/react-native/dist/optional/OptionalExpoDevice.js 347 B 0 B
packages/react-native/dist/optional/OptionalExpoFileSystem.js 386 B 0 B
packages/react-native/dist/optional/OptionalExpoFileSystemLegacy.js 423 B 0 B
packages/react-native/dist/optional/OptionalExpoLocalization.js 383 B 0 B
packages/react-native/dist/optional/OptionalReactNativeDeviceInfo.js 415 B 0 B
packages/react-native/dist/optional/OptionalReactNativeLocalize.js 303 B 0 B
packages/react-native/dist/optional/OptionalReactNativeNavigation.js 415 B 0 B
packages/react-native/dist/optional/OptionalReactNativeNavigationWix.js 443 B 0 B
packages/react-native/dist/optional/OptionalReactNativeSafeArea.js 644 B 0 B
packages/react-native/dist/optional/OptionalReactNativeSvg.js 872 B 0 B
packages/react-native/dist/optional/OptionalSessionReplay.js 455 B 0 B
packages/react-native/dist/posthog-rn.js 46 kB 0 B
packages/react-native/dist/PostHogContext.js 329 B 0 B
packages/react-native/dist/PostHogErrorBoundary.js 3.19 kB 0 B
packages/react-native/dist/PostHogMaskView.js 1.68 kB 0 B
packages/react-native/dist/PostHogProvider.js 4.55 kB 0 B
packages/react-native/dist/storage.js 5.2 kB 0 B
packages/react-native/dist/surveys/components/BottomSection.js 1.46 kB 0 B
packages/react-native/dist/surveys/components/Cancel.js 909 B 0 B
packages/react-native/dist/surveys/components/ConfirmationMessage.js 1.65 kB 0 B
packages/react-native/dist/surveys/components/QuestionHeader.js 1.37 kB 0 B
packages/react-native/dist/surveys/components/QuestionTypes.js 13.3 kB 0 B
packages/react-native/dist/surveys/components/SurveyModal.js 6.27 kB 0 B
packages/react-native/dist/surveys/components/Surveys.js 6.58 kB 0 B
packages/react-native/dist/surveys/getActiveMatchingSurveys.js 2.64 kB 0 B
packages/react-native/dist/surveys/icons.js 9.97 kB 0 B
packages/react-native/dist/surveys/index.js 600 B 0 B
packages/react-native/dist/surveys/PostHogSurveyProvider.js 6.28 kB 0 B
packages/react-native/dist/surveys/survey-translations.js 1.11 kB 0 B
packages/react-native/dist/surveys/surveys-utils.js 14.2 kB 0 B
packages/react-native/dist/surveys/useActivatedSurveys.js 3.67 kB 0 B
packages/react-native/dist/surveys/useSurveyStorage.js 2.16 kB 0 B
packages/react-native/dist/tooling/expoconfig.js 4.02 kB 0 B
packages/react-native/dist/tooling/metroconfig.js 2.32 kB 0 B
packages/react-native/dist/tooling/posthogMetroSerializer.js 4.86 kB 0 B
packages/react-native/dist/tooling/utils.js 4.05 kB 0 B
packages/react-native/dist/tooling/vendor/expo/expoconfig.js 70 B 0 B
packages/react-native/dist/tooling/vendor/metro/countLines.js 237 B 0 B
packages/react-native/dist/tooling/vendor/metro/utils.js 3.35 kB 0 B
packages/react-native/dist/types.js 70 B 0 B
packages/react-native/dist/utils.js 1.14 kB 0 B
packages/react-native/dist/version.js 130 B 0 B
packages/react/dist/esm/index.js 21.2 kB 0 B
packages/react/dist/esm/slim/index.js 17.6 kB 0 B
packages/react/dist/esm/surveys/index.js 4.68 kB 0 B
packages/react/dist/umd/index.js 24.4 kB 0 B
packages/react/dist/umd/slim/index.js 20.4 kB 0 B
packages/react/dist/umd/surveys/index.js 5.45 kB 0 B
packages/rollup-plugin/dist/index.js 2.44 kB 0 B
packages/rrweb/all/dist/rrweb-all.cjs 612 kB 0 B
packages/rrweb/all/dist/rrweb-all.js 612 kB 0 B
packages/rrweb/all/dist/rrweb-all.umd.cjs 615 kB 0 B
packages/rrweb/all/dist/rrweb-all.umd.min.cjs 290 kB 0 B
packages/rrweb/packer/dist/base-********.js 18.2 kB 0 B
packages/rrweb/packer/dist/base-********.cjs 18.3 kB 0 B
packages/rrweb/packer/dist/base-********.umd.cjs 18.7 kB 0 B
packages/rrweb/packer/dist/base-********.umd.min.cjs 9.5 kB 0 B
packages/rrweb/packer/dist/pack.cjs 347 B 0 B
packages/rrweb/packer/dist/pack.js 285 B 0 B
packages/rrweb/packer/dist/pack.umd.cjs 1.63 kB 0 B
packages/rrweb/packer/dist/pack.umd.min.cjs 1.11 kB 0 B
packages/rrweb/packer/dist/packer.cjs 257 B 0 B
packages/rrweb/packer/dist/packer.js 136 B 0 B
packages/rrweb/packer/dist/packer.umd.cjs 662 B 0 B
packages/rrweb/packer/dist/packer.umd.min.cjs 626 B 0 B
packages/rrweb/packer/dist/unpack.cjs 769 B 0 B
packages/rrweb/packer/dist/unpack.js 702 B 0 B
packages/rrweb/packer/dist/unpack.umd.cjs 1.17 kB 0 B
packages/rrweb/packer/dist/unpack.umd.min.cjs 955 B 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.cjs 37.6 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.js 37.5 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.umd.cjs 38 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.umd.min.cjs 22.2 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.cjs 34.3 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.js 34.2 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.umd.cjs 34.7 kB 0 B
packages/rrweb/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.umd.min.cjs 20.5 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.cjs 14.9 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.js 14.8 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.umd.cjs 15.4 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.umd.min.cjs 7.33 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.cjs 5.01 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.js 4.9 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.umd.cjs 5.44 kB 0 B
packages/rrweb/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.umd.min.cjs 2.64 kB 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.cjs 681 B 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.js 548 B 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.umd.cjs 1.12 kB 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.umd.min.cjs 829 B 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.cjs 933 B 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.js 820 B 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.umd.cjs 1.37 kB 0 B
packages/rrweb/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.umd.min.cjs 968 B 0 B
packages/rrweb/record/dist/rrweb-record.cjs 174 kB 0 B
packages/rrweb/record/dist/rrweb-record.js 174 kB 0 B
packages/rrweb/record/dist/rrweb-record.umd.cjs 174 kB 0 B
packages/rrweb/record/dist/rrweb-record.umd.min.cjs 83.5 kB 0 B
packages/rrweb/replay/dist/rrweb-replay.cjs 440 kB 0 B
packages/rrweb/replay/dist/rrweb-replay.js 440 kB 0 B
packages/rrweb/replay/dist/rrweb-replay.umd.cjs 443 kB 0 B
packages/rrweb/replay/dist/rrweb-replay.umd.min.cjs 210 kB 0 B
packages/rrweb/rrdom-nodejs/dist/rrdom-nodejs.cjs 150 kB 0 B
packages/rrweb/rrdom-nodejs/dist/rrdom-nodejs.js 149 kB 0 B
packages/rrweb/rrdom-nodejs/dist/rrdom-nodejs.umd.cjs 152 kB 0 B
packages/rrweb/rrdom-nodejs/dist/rrdom-nodejs.umd.min.cjs 70.8 kB 0 B
packages/rrweb/rrdom/dist/rrdom.cjs 174 kB 0 B
packages/rrweb/rrdom/dist/rrdom.js 173 kB 0 B
packages/rrweb/rrdom/dist/rrdom.umd.cjs 175 kB 0 B
packages/rrweb/rrdom/dist/rrdom.umd.min.cjs 80.8 kB 0 B
packages/rrweb/rrweb-snapshot/dist/record.cjs 32.6 kB 0 B
packages/rrweb/rrweb-snapshot/dist/record.js 31.6 kB 0 B
packages/rrweb/rrweb-snapshot/dist/record.umd.cjs 53.9 kB 0 B
packages/rrweb/rrweb-snapshot/dist/record.umd.min.cjs 25.8 kB 0 B
packages/rrweb/rrweb-snapshot/dist/replay.cjs 138 kB 0 B
packages/rrweb/rrweb-snapshot/dist/replay.js 137 kB 0 B
packages/rrweb/rrweb-snapshot/dist/replay.umd.cjs 161 kB 0 B
packages/rrweb/rrweb-snapshot/dist/replay.umd.min.cjs 74 kB 0 B
packages/rrweb/rrweb-snapshot/dist/rrweb-********.cjs 2.27 kB 0 B
packages/rrweb/rrweb-snapshot/dist/rrweb-********.js 1.42 kB 0 B
packages/rrweb/rrweb-snapshot/dist/rrweb-********.umd.cjs 218 kB 0 B
packages/rrweb/rrweb-snapshot/dist/rrweb-********.umd.min.cjs 92 kB 0 B
packages/rrweb/rrweb-snapshot/dist/types-********.cjs 18.3 kB 0 B
packages/rrweb/rrweb-snapshot/dist/types-********.umd.cjs 18.8 kB 0 B
packages/rrweb/rrweb-snapshot/dist/types-********.umd.min.cjs 9.31 kB 0 B
packages/rrweb/rrweb-snapshot/dist/types-********.js 17.8 kB 0 B
packages/rrweb/rrweb/dist/rrweb.cjs 595 kB 0 B
packages/rrweb/rrweb/dist/rrweb.js 595 kB 0 B
packages/rrweb/rrweb/dist/rrweb.umd.cjs 596 kB 0 B
packages/rrweb/rrweb/dist/rrweb.umd.min.cjs 281 kB 0 B
packages/rrweb/types/dist/rrweb-types.cjs 5.64 kB 0 B
packages/rrweb/types/dist/rrweb-types.js 5.38 kB 0 B
packages/rrweb/types/dist/rrweb-types.umd.cjs 6.04 kB 0 B
packages/rrweb/types/dist/rrweb-types.umd.min.cjs 2.8 kB 0 B
packages/rrweb/utils/dist/rrweb-utils.cjs 6.41 kB 0 B
packages/rrweb/utils/dist/rrweb-utils.js 5.95 kB 0 B
packages/rrweb/utils/dist/rrweb-utils.umd.cjs 6.82 kB 0 B
packages/rrweb/utils/dist/rrweb-utils.umd.min.cjs 3.51 kB 0 B
packages/types/dist/capture-log.js 603 B 0 B
packages/types/dist/capture-log.mjs 0 B 0 B 🆕
packages/types/dist/capture.js 603 B 0 B
packages/types/dist/capture.mjs 0 B 0 B 🆕
packages/types/dist/common.js 603 B 0 B
packages/types/dist/common.mjs 0 B 0 B 🆕
packages/types/dist/feature-flags.js 603 B 0 B
packages/types/dist/feature-flags.mjs 0 B 0 B 🆕
packages/types/dist/index.js 603 B 0 B
packages/types/dist/index.mjs 0 B 0 B 🆕
packages/types/dist/posthog-config.js 603 B 0 B
packages/types/dist/posthog-config.mjs 0 B 0 B 🆕
packages/types/dist/posthog.js 603 B 0 B
packages/types/dist/posthog.mjs 0 B 0 B 🆕
packages/types/dist/request.js 603 B 0 B
packages/types/dist/request.mjs 0 B 0 B 🆕
packages/types/dist/segment.js 603 B 0 B
packages/types/dist/segment.mjs 0 B 0 B 🆕
packages/types/dist/session-recording.js 603 B 0 B
packages/types/dist/session-recording.mjs 0 B 0 B 🆕
packages/types/dist/survey.js 603 B 0 B
packages/types/dist/survey.mjs 0 B 0 B 🆕
packages/types/dist/toolbar.js 603 B 0 B
packages/types/dist/toolbar.mjs 0 B 0 B 🆕
packages/types/dist/tree-shakeable.js 603 B 0 B
packages/types/dist/tree-shakeable.mjs 0 B 0 B 🆕
packages/web/dist/index.cjs 13.8 kB 0 B
packages/web/dist/index.mjs 13.7 kB 0 B
packages/webpack-plugin/dist/config.js 1.53 kB 0 B
packages/webpack-plugin/dist/config.mjs 543 B 0 B
packages/webpack-plugin/dist/index.js 5.38 kB 0 B
packages/webpack-plugin/dist/index.mjs 2.04 kB 0 B
tooling/changelog/dist/index.js 3.31 kB 0 B
tooling/rollup-utils/dist/index.js 1.17 kB 0 B

compressed-size-action

@pauldambra pauldambra force-pushed the posthog-code/cross-tab-session-idle-refresh branch from 53db0af to 9d9ecd0 Compare May 28, 2026 16:32
@pauldambra pauldambra force-pushed the posthog-code/persist-save-debounce branch from 410bcb4 to a81968c Compare May 28, 2026 16:32
@pauldambra pauldambra force-pushed the posthog-code/cross-tab-session-idle-refresh branch from f214da7 to 3381c3d Compare May 28, 2026 17:37
@pauldambra pauldambra force-pushed the posthog-code/cross-tab-session-idle-refresh branch from 3381c3d to de29137 Compare May 28, 2026 22:12
@pauldambra pauldambra force-pushed the posthog-code/cross-tab-session-idle-refresh branch from de29137 to 6c84dbe Compare May 28, 2026 22:18
@pauldambra pauldambra force-pushed the posthog-code/persist-save-debounce branch from 46c8da3 to d54fa02 Compare May 28, 2026 22:18
pauldambra added 5 commits May 30, 2026 10:28
@pauldambra
feat(persistence): refresh from storage before declaring an idle session
df94f6c 
PostHogPersistence does not subscribe to `storage` events, so an idle
tab's cached `_persistence.props[SESSION_ID]` lags writes from sibling
tabs. Without this fix, when an idle tab's idle timer fires (or its
next event capture runs the idle check) it reads its own stale activity
timestamp and rotates the session — even though another tab has been
capturing events that keep the session alive.

The fix adds `_isSessionIdleAfterCrossTabRefresh(timestamp)` which calls
`_persistence.load()` before consulting `_freshestActivityTimestamp`,
wired into both the rotation path in `checkAndGetSessionAndWindowId`
and the idle timer callback. The timer also re-arms when it decides the
session is still alive so we re-check after another timeout window.

Tests:
- jest tests pin both directions (no rotate when sibling kept it alive;
  rotate when refresh confirms idle)
- playwright tests with two real browser tabs in the same context
  verify the end-to-end behaviour against real localStorage and real
  `PostHogPersistence.load()` — they pass with the fix and fail without
  it (verified by stashing the change)

Generated-By: PostHog Code
Task-Id: 3946962f-7365-4b7b-8f5f-8f9309ed88c6
@pauldambra
fix(persistence): harden cross-tab refresh — flush, re-sample, guard …
ecf89c7 
…destroy

Three convergent HIGH findings from QA Swarm review:

1. `_persistence.load()` in `_isSessionIdleAfterCrossTabRefresh` clobbers
   pending debounced writes when `persistence_save_debounce_ms > 0` (the
   2026-05-30 dated default landing in this same stack sets it to 250ms).
   `load()` replaces `props` wholesale. Now `flush()` is called first to
   push pending debounced writes to storage, mirroring the same fix
   applied to `_flushPendingActivityTimestamp` earlier in the stack.

2. `checkAndGetSessionAndWindowId`'s cross-tab refresh path could clobber
   a sibling tab's session rotation. Sequence: this tab has stale view
   (sessionA), sibling rotated to sessionB and wrote a fresh activity
   timestamp. Our refresh observes sessionB and decides not to rotate,
   but the local `sessionId`/`startTimestamp` captured BEFORE the load
   were stale. `_setSessionId` then writes sessionA back, clobbering
   sessionB. Fix: re-sample `_getSessionId()` after the cross-tab
   refresh, matching the same defence `_flushPendingActivityTimestamp`
   uses on the unload path.

3. The new self-perpetuating `_resetIdleTimer` recursion races with
   `destroy()` — a setTimeout callback queued before destroy could
   re-arm onto a torn-down instance. Added a `_destroyed` flag set in
   `destroy()`; both the entry of `_resetIdleTimer` and the timer
   callback short-circuit if set.

Regression tests:
- pins the flush()-before-load() order in cross-tab refresh
- pins that the post-refresh write uses the refreshed sessionId, not
  the stale one captured before the refresh
- pins that destroy() prevents re-arm even after the callback would
  have decided 'still alive'

Generated-By: PostHog Code
Task-Id: 3946962f-7365-4b7b-8f5f-8f9309ed88c6
@pauldambra
test(persistence): tidy cross-tab Playwright spec
f36cff1 
- Drop `as any` casts. The `WindowWithPostHog` type already exposes
  `posthog: PostHog`, and `PostHog.sessionManager` /
  `SessionIdManager.checkAndGetSessionAndWindowId` are already public
  on the typed surface. A rename now fails typecheck instead of
  silently breaking the test.
- Parameterize the two cases (sibling-keeps-alive vs all-idle) over a
  single shared body. The two tests had near-identical setup and only
  differed in one branch.
- Rewrite the header comment to enumerate what the file does and does
  not cover, so a future reader does not assume timer-callback or
  throttle-interaction paths are exercised here (they are not; the unit
  tests in `sessionid.test.ts` cover them).
- Document that both tabs get the Playwright clock installed (first
  tab via the fixture, second via explicit `tab.clock.install()` in
  `startSecondTab`).
- Inline note that the all-idle case is a regression guard, not a
  fix-pin — it passes with or without the cross-tab refresh logic.

Generated-By: PostHog Code
Task-Id: 3946962f-7365-4b7b-8f5f-8f9309ed88c6
@pauldambra
fix(persistence): per-key SESSION_ID refresh on cross-tab idle path
2d5fe77 
The `flush() + load()` cycle inside `_isSessionIdleAfterCrossTabRefresh`
and `_flushPendingActivityTimestamp` writes the WHOLE props blob to
storage (clobbering a sibling's fresh SESSION_ID write) before reading
it back. Replace with a per-key `PostHogPersistence.refreshKey(prop)`
that updates only the SESSION_ID slot from storage. Also emit
`onSessionId` handlers when the cross-tab refresh observes a sibling
rotation (previously silent).

Both changes are gated on `persistence_save_debounce_ms > 0`. The
clobber bug only bites when debounce is on (a no-op flush in the
ungated path can't clobber). The dated default `>= 2026-05-30`
enables debounce, so rollout matches the bug surface.

New test suite (`cross-tab-persistence.test.ts`) drives two real
`PostHogPersistence` instances sharing localStorage and documents the
full ACCEPT/REJECT/PRESERVE contract across 36 scenarios.

Generated-By: PostHog Code
Task-Id: 3946962f-7365-4b7b-8f5f-8f9309ed88c6
@pauldambra
test(persistence): cover both gated paths in cross-tab suite
9188e4d 
Parameterize the cross-tab behavioural contract over
persistence_save_debounce_ms in {0, 250} so the legacy (flush+load)
path gets the same ACCEPT/REJECT/PRESERVE coverage as the hardened
(per-key refresh) path. Previously only the hardened path was
exercised, leaving the debounce-disabled default (every user on
defaults < 2026-05-30) behaviourally untested.

Pending-local-write survival is hardened-only by nature: with
debounce off, register() writes the whole blob immediately and
clobbers the sibling, so tab B spuriously rotates. That clobber is
pinned explicitly as a legacy-path KNOWN LIMITATION so the gating's
value is documented rather than silently assumed.

Generated-By: PostHog Code
Task-Id: 3946962f-7365-4b7b-8f5f-8f9309ed88c6
@pauldambra pauldambra force-pushed the posthog-code/cross-tab-session-idle-refresh branch from a02e0f0 to 9188e4d Compare May 30, 2026 11:19
@pauldambra pauldambra force-pushed the posthog-code/persist-save-debounce branch from d54fa02 to 35a9cd2 Compare May 30, 2026 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pauldambra