Clerk auth breaks after Railway redeploy: sessions not recognized, tRPC UNAUTHORIZED despite unchanged env
evanth-ai
HOBBYOP

2 months ago

  • Summary: After a routine redeploy on Railway (no auth changes), all protected requests fail with UNAUTHORIZED. Clerk returns isAuthenticated=false, userId=null on server. Rolling back to the previous image fixes it instantly with the same env.

  • Impact: Users can’t access any authenticated features.

  • Expected: With NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY (build) and CLERK_SECRET_KEY (runtime) set, sessions should remain valid across redeploys.

  • Actual: New deployment consistently loses Clerk session on server; prior image works.

  • What we tried:

  • Verified Railway Build/Runtime vars (publishable + secret) present.

  • Confirmed Clerk Allowed Origins/Redirects include our exact Railway domain (HTTPS).

  • Cleared cookies, relogin; same result.

  • Redeployed multiple times; still broken.

  • Rollback to previous build restores normal behavior.

  • Logs (server): Clerk context shows isAuthenticated=false, userId=null; tRPC throws UNAUTHORIZED for protected routes.

  • Environment:

  • Next.js + tRPC, Clerk auth

  • Railway (Docker build + runtime)

  • Ask: Please investigate potential issues with build/runtime env propagation or cookie/session handling across new images. Why would a fresh deploy lose Clerk session validation while a rollback with identical env works?

Solved$20 Bounty

2 Replies

brody
EMPLOYEE

2 months ago

This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.

Status changed to Open brody 2 months ago

dev
MODERATOR

2 months ago

My best guess would be that the service variables where changed somewhere but the deployment was cancelled, leading to following deployments deploying with the misconfigured service variables. Rolling back returns the service state with the old service variables which makes it work again. To be clear, rolling back won't change the service variables even if it's deploying with older variables. Can you check the Activity tab (bottom right) for changes to see if changes were made to the variables?

evanth-ai
HOBBYOP

2 months ago

Resolved - Issue was caused by container base image changes affecting SSL/TLS certificate handling, which broke Clerk's server-side session validation. Fixed by updating Node.js version and SSL certificate environment configuration. Auth is now working properly after rebuild.

Thanks for the assistance!

Status changed to Solved evanth-ai 2 months ago

Loading...