fix(clerk-js): Prevent session cookie removal during offline token refresh #7912

Open
bratsos wants to merge 1 commit into main from alexbratsos/user-4744-investigate-random-sign-outs-in-the-dashboard-possibly

@bratsos bratsos commented Feb 23, 2026

Description

When offline, two code paths in Session.ts emit token:update events with empty tokens. AuthCookieService interprets empty tokens as signed-out and removes the __session cookie — even though the session is still valid server-side. On the next page load or visibility change, the missing cookie makes the user appear signed out.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • Bug Fixes
    • Fixed unexpected sign-outs that occurred when the browser temporarily lost network connectivity.
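
The failure mode in the description above, next to the effect of gating the event while offline, as an added JavaScript model. This is not code from this PR or from clerk-js: `EventBus`, `attachCookieHandler`, `refreshToken` and `simulate` are hypothetical names, and the token strings are constructed samples.

```javascript
// Added illustration. All names here are hypothetical, not clerk-js APIs;
// token strings are constructed samples.
class EventBus {
  constructor() { this.handlers = new Map(); }
  on(evt, fn) {
    const list = this.handlers.get(evt) || [];
    list.push(fn);
    this.handlers.set(evt, list);
  }
  emit(evt, payload) {
    (this.handlers.get(evt) || []).forEach((fn) => fn(payload));
  }
}

// Cookie listener as the description characterises it: an empty token is
// read as "signed out" and the __session cookie is removed.
function attachCookieHandler(bus, cookies) {
  bus.on('token:update', ({ token }) => {
    if (token) cookies.set('__session', token);
    else cookies.delete('__session');
  });
}

// Stand-in for a token refresh. Offline, no token comes back.
// gated=false emits the empty update; gated=true throws a retryable error instead.
function refreshToken(bus, { online, gated }) {
  const token = online ? 'constructed.fresh.token' : null;
  if (gated && token === null && !online) {
    const err = new Error('token refresh failed while offline');
    err.code = 'network_error';
    throw err;
  }
  bus.emit('token:update', { token });
  return token;
}

// Runs one refresh against a cookie jar that already holds a valid session.
function simulate({ online, gated }) {
  const bus = new EventBus();
  const cookies = new Map([['__session', 'constructed.existing.token']]);
  attachCookieHandler(bus, cookies);
  let errorCode = null;
  try {
    refreshToken(bus, { online, gated });
  } catch (e) {
    errorCode = e.code;
  }
  return { cookie: cookies.has('__session') ? cookies.get('__session') : null, errorCode };
}
```

With `gated: false` the offline refresh leaves the jar without `__session`; with `gated: true` the cookie survives and the caller sees an error it can retry on.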

changeset-bot bot commented Feb 23, 2026

🦋 Changeset detected

Latest commit: 2377201

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
| Name | Type |
| --- | --- |
| @clerk/clerk-js | Patch |
| @clerk/chrome-extension | Patch |
| @clerk/expo | Patch |

vercel bot commented Feb 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| clerk-js-sandbox | Ready | Preview, Comment | Feb 25, 2026 6:04pm |

pkg-pr-new bot commented Feb 23, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7912

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7912

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7912

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7912

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7912

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7912

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7912

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7912

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7912

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7912

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@7912

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7912

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7912

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7912

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7912

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7912

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7912

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7912

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7912

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7912

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7912

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7912

commit: 2377201


describe('with offline browser and network failure', () => {
beforeEach(() => {
// Use real timers for offline tests to avoid unhandled rejection issues with retry logic
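
Review bot: The comment on the `beforeEach` says real timers are used to avoid unhandled rejections from the retry logic, which sidesteps the rejection rather than accounting for it and ties these offline tests to wall-clock retry delays. Prefer awaiting or asserting the rejection explicitly so the offline cases do not need a different timer mode; if real timers are kept, restore the previous timer mode after each test so the setting does not leak into later describe blocks.
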
Member

🎉

@bratsos bratsos force-pushed the alexbratsos/user-4744-investigate-random-sign-outs-in-the-dashboard-possibly branch from d134aeb to c230146 Compare February 25, 2026 12:05

coderabbitai bot commented Feb 25, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 992a3ba and 2377201.

📒 Files selected for processing (3)
  • .changeset/three-ads-fold.md
  • packages/clerk-js/src/core/resources/Session.ts
  • packages/clerk-js/src/core/resources/__tests__/Session.test.ts

📝 Walkthrough

This pull request adds a patch release for @clerk/clerk-js that addresses random sign-outs during temporary network loss. Changes include: refactoring the _getToken method in Session.ts to prevent emitting empty token updates while offline, adding explicit error handling to trigger retry logic, and skipping cache/dispatch operations for empty tokens during offline states. Corresponding test updates expand coverage for offline token scenarios, including background refresh behavior and event emission patterns.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main fix: preventing session cookie removal during offline token refresh. It's specific, clear, and directly relates to the core problem solved in the changeset (gating TokenUpdate emissions when offline). |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@bratsos bratsos force-pushed the alexbratsos/user-4744-investigate-random-sign-outs-in-the-dashboard-possibly branch from 992a3ba to 2377201 Compare February 25, 2026 18:04
// Throw when offline and no token so retry() in getToken() can fire.
// Without this, _getToken returns null (success) and retry() never calls shouldRetry.
if (result === null && !isValidBrowserOnline()) {
throw new ClerkRuntimeError('Network request failed while offline', { code: 'network_error' });
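
Review bot: The guard `if (result === null && !isValidBrowserOnline())` reports 'Network request failed while offline' for every null result, yet these lines do not show that a request was attempted, so a null that came from somewhere other than a failed fetch would be reported with the wrong cause. Either narrow the throw to the path that actually performed the request or word the message neutrally, and extend the comment to say which `shouldRetry` predicate is expected to match `code: 'network_error'`.
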
Member

Recommend that we re-use ClerkOfflineError here

return cachedToken.getRawString() || null;
result = cachedToken.getRawString() || null;
} else {
result = await this.#fetchToken(template, organizationId, tokenId, shouldDispatchTokenUpdate, skipCache);
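
Review bot: On the cached branch, `cachedToken.getRawString() || null` converts an empty raw string to null, and with the `return ...` line giving way to `result = ...` that null now falls through to the code after the if/else instead of going straight back to the caller. Add a comment stating what the shared tail does with a null that originated from the cache rather than from `#fetchToken`, and a test with an empty cached token both online and offline.
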
Member

Does this throw if offline? Should we avoid fetching if we're offline in the first place?
