I'm using Clerk for authentication in my Next.js app. To control access to certain routes that are protected via middleware.js, I'm updating Clerk users' publicMetadata using the JavaScript SDK.
The update itself works as expected with one exception: There's a 10-15 second delay before the updated metadata is reflected in the token (i.e. sessionClaims) when read in middleware. This causes access checks to fail (404) temporarily after the metadata is updated. In contrast, I can see the metadata changes immediately reflected in the user's data the Clerk Admin dashboard.
Question:
Has anyone else experienced this issue? Is there a way to force an immediate refresh of sessionClaims so the metadata update is immediately available in middleware.js?
Any insights or workarounds would be greatly appreciated! 🚀
I figured out what was going on, thanks to some helpful insight from Clerk's support team. Posting the solution here in case others run into the same issue.
I was updating a user's publicMetadata using Clerk's server SDK in my Next.js app. The update worked — I could see the changes reflected immediately in the Clerk Admin dashboard — but there was a ~10-15 second delay before those changes showed up in sessionClaims when accessed in middleware.js.
This delay caused problems for access checks that rely on metadata — for example, immediately after updating a user’s role, they’d get a 404 trying to access a protected route until the token refreshed.
According to Clerk support, this is expected behavior. The session token (which includes sessionClaims) is only refreshed about every 60 seconds. So even if the metadata is updated right away, it won’t be reflected in the token until the next refresh.
If you're in a client component and want to force an immediate token refresh after a server-side metadata update, you can use session.reload() like this:
"use client";
import { useSession } from "@clerk/nextjs";
const { session } = useSession();
const handleUpdate = async () => {
// call your server action to update metadata
await updateUserAgentStatus(userId, true);
// then force session token refresh
await session.reload();
};
After calling session.reload(), your updated sessionClaims will be immediately available, including in middleware for route access checks.
Hope this helps someone else avoid the confusion I ran into!