From 4eee15025725b6e9ac71a54f7dc160b602154451 Mon Sep 17 00:00:00 2001 From: Jacek Date: Tue, 2 Dec 2025 15:56:35 -0600 Subject: [PATCH 1/2] fix(clerk-js): Reload client in setActive when session not found When setActive is called with a session ID that doesn't exist in the local client (e.g., a newly created impersonation session via ticket), the client is now reloaded to fetch the new session before activation. This fixes impersonation in CSR multi-session apps when the admin already has an existing session on the target app. --- .changeset/fix-csr-multisession-impersonation.md | 6 ++++++ packages/clerk-js/src/core/clerk.ts | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 .changeset/fix-csr-multisession-impersonation.md diff --git a/.changeset/fix-csr-multisession-impersonation.md b/.changeset/fix-csr-multisession-impersonation.md new file mode 100644 index 00000000000..8252a5e8070 --- /dev/null +++ b/.changeset/fix-csr-multisession-impersonation.md @@ -0,0 +1,6 @@ +--- +'@clerk/clerk-js': patch +--- + +Fix impersonation in CSR multi-session apps when admin has existing session. When `setActive` is called with a session ID that doesn't exist in the local client (e.g., a newly created impersonation session via ticket), the client is now reloaded to fetch the new session before activation. + diff --git a/packages/clerk-js/src/core/clerk.ts b/packages/clerk-js/src/core/clerk.ts index da8f4f62bb6..8a1333a7566 100644 --- a/packages/clerk-js/src/core/clerk.ts +++ b/packages/clerk-js/src/core/clerk.ts @@ -1456,7 +1456,14 @@ export class Clerk implements ClerkInterface { } if (typeof session === 'string') { - session = (this.client.sessions.find(x => x.id === session) as SignedInSessionResource) || null; + const sessionId = session; + session = (this.client.sessions.find(x => x.id === sessionId) as SignedInSessionResource) || null; + // If session not found, reload client to fetch newly created sessions (e.g., impersonation sessions) + // This handles the case where setActive is called immediately after creating a session via ticket + if (!session) { + await this.client.fetch(); + session = (this.client.sessions.find(x => x.id === sessionId) as SignedInSessionResource) || null; + } } const onBeforeSetActive: SetActiveHook = From c9860abb546a653bf1fad8b0071626e9bf92bd95 Mon Sep 17 00:00:00 2001 From: Jacek Date: Tue, 2 Dec 2025 15:57:33 -0600 Subject: [PATCH 2/2] udpate changeset --- .changeset/fix-csr-multisession-impersonation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changeset/fix-csr-multisession-impersonation.md b/.changeset/fix-csr-multisession-impersonation.md index 8252a5e8070..48f4e114f79 100644 --- a/.changeset/fix-csr-multisession-impersonation.md +++ b/.changeset/fix-csr-multisession-impersonation.md @@ -2,5 +2,5 @@ '@clerk/clerk-js': patch --- -Fix impersonation in CSR multi-session apps when admin has existing session. When `setActive` is called with a session ID that doesn't exist in the local client (e.g., a newly created impersonation session via ticket), the client is now reloaded to fetch the new session before activation. +Fix impersonation in CSR multi-session apps when admin has existing session