GitHub user dosubot[bot] added a comment to the discussion: localStorage misses last_async_event_id
The issue is likely related to how your custom OAuth with server-side sessions interacts with Superset's async event system. Here's what's happening:

**Root Cause:** The `last_async_event_id` in localStorage is only set *after* the first async event is received from the server - it's not initialized on page load. Empty `/async_event` responses mean events aren't being written to Redis at all, not a localStorage problem.

**Most Likely Culprit - Session State:**
The [async-token JWT cookie is created by an after-request handler](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/async_events/async_query_manager.py#L162-L195) that requires Flask session persistence of `async_channel_id` and `async_user_id`. If your custom OAuth clears or resets sessions, these keys get removed and a new token gets generated on every request, causing channel mismatches.

The handler [regenerates the token when these conditions are true](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/async_events/async_query_manager.py#L167-L171):
- No async-token cookie exists
- Session lacks `async_channel_id`
- Session lacks `async_user_id`
- Current user_id doesn't match session's `async_user_id`

**Debugging Steps:**
1. Check browser DevTools → Application → Cookies for `async-token` cookie
2. Verify the JWT secret is at least 32 bytes per [AsyncQueryManager requirements](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/async_events/async_query_manager.py#L134-L137)
3. Monitor Redis for keys like `async-events-{uuid}` being created
4. Check Celery logs for async job submissions and completions
5. Verify your OAuth implementation preserves Flask session between requests (specifically the `async_channel_id` and `async_user_id` keys)

**Cookie Configuration Check:**
Ensure your cookie settings match your deployment (HTTPS vs HTTP, domain, SameSite). This is a [known silent failure mode](https://github.com/apache/superset/issues/37753) - browsers silently drop cookies with mismatched attributes.

Data loading after manual refreshes suggests the cache is being populated by Celery, but the event notification channel is broken - pointing strongly to the JWT/session mismatch issue.
GitHub link: https://github.com/apache/superset/discussions/38303#discussioncomment-15948699
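
The four regeneration conditions listed in the comment, modelled as an added example (not Superset's code and not part of the original comment) to show why a session that is reset on every request puts each response on a new channel. The HS256 token layout, the `channel`/`sub` claim names, the secret, and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, uuid

SECRET = b"constructed-test-secret-32-bytes!!"  # constructed sample, >= 32 bytes

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(channel: str, user_id: int) -> str:
    """Build an HS256 JWT; claim names are assumed for illustration."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"channel": channel, "sub": str(user_id)}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def token_channel(token: str) -> str:
    """Verify the signature, then return the channel the cookie points at."""
    head, body, sig = token.split(".")
    want = _b64(hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, want):
        raise ValueError("bad signature")
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["channel"]

def after_request(session: dict, cookies: dict, user_id: int) -> bool:
    """Apply the four conditions; return True when a new token was issued."""
    regenerate = (
        "async-token" not in cookies
        or "async_channel_id" not in session
        or "async_user_id" not in session
        or session["async_user_id"] != user_id
    )
    if regenerate:
        session["async_channel_id"] = str(uuid.uuid4())
        session["async_user_id"] = user_id
        cookies["async-token"] = make_token(session["async_channel_id"], user_id)
    return regenerate

def simulate(requests: int, session_survives: bool) -> list:
    """Return the channel carried by the cookie after each request."""
    session, cookies, seen = {}, {}, []
    for _ in range(requests):
        if not session_survives:
            session = {}  # models an auth layer that resets the session
        after_request(session, cookies, user_id=7)
        seen.append(token_channel(cookies["async-token"]))
    return seen
```

With a persistent session `simulate` returns one repeated channel; with a reset session every request yields a different one, so an event written for the channel of the submitting request is never found by the next poll.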
