Session does not persist after browser close (Safari) – “unable to decrypt bundle using embedded key”

[syuhei176]

Environment

• Browser version: Safari Version 17.6 (19618.3.11.11.5)
• Mac OS Sonoma 14.6.1
• AA SDK version: v4.40.0 (v4.0.0 - v4.40.0)
• Package: @account-kit/signer

Describe the problem

We’re experiencing a critical issue where sessions do not persist across browser restarts when using Alchemy Account Kit on Safari (both desktop and iOS). Upon reopening the browser, the following error occurs:

Failed to load user from session  
Error: unable to decrypt bundle using embedded key. the bundle may be incorrect. failed with error: M: The operation failed for an operation-specific reason

How to reproduce:

1.	Use Safari (desktop or iOS) or Chrome on iOS
2.	Open an app that integrates Alchemy Account Kit and log in using Google, email, or any other supported social login provider.
3.	Close the browser completely (i.e. force quit or fully close the app so that in-memory data is cleared)
4.	Reopen the browser and revisit the app
5.	Session fails to restore, and the error above appears

I initially discovered the issue in my own project, but it also occurs in the following examples:

• https://demo.alchemy.com/
• https://github.com/alchemyplatform/embedded-accounts-demo

Relevant code or sample repro:

For reference, I have confirmed that the Turnkey bundle is indeed being passed to injectCredentialBundle. So localStorage is not being cleared.

• https://github.com/alchemyplatform/aa-sdk/blob/main/account-kit/signer/src/session/manager.ts#L111-L122

• aa-sdk/account-kit/signer/src/client/index.ts

  Line 266 in 7e5c676

  const result = await this.iframeStamper.injectCredentialBundle(bundle);

[syuhei176]

I believe the root cause is that the key inside iframe-stamper is not being persisted across browser restarts.

Are there any plans to support indexeddb-stamper in the signer?

Turnkey recently introduced IndexedDB-based stampers that improve session persistence:
https://www.turnkey.com/blog/introducing-indexeddb-improved-session-persistence-verifiable-sessions-and-upgraded-auth-for-seamless-web-apps

[Rahul-Roy-Hub]

Yes the root cause is that the key inside iframe-stamper, because iframe-stamper not persisting keys across browser restarts appears to be correct and represents a more precise diagnosis of the Safari session persistence issue.

Currently there's no specific information about Alchemy Account Kit's roadmap for supporting IndexedDB stampers in the @account-kit/signer package. The current implementation appears to rely on the iframe-stamper approach, which is causing the Safari compatibility issues you're experiencing.

I think contact Alchemy Support (support@alchemy.com) - Since this is a critical compatibility issue affecting Safari users reach out to Alchemy's engineering team directly to inquire about.

[syuhei176]

Yes the root cause is that the key inside iframe-stamper, because iframe-stamper not persisting keys across browser restarts appears to be correct and represents a more precise diagnosis of the Safari session persistence issue.

Currently there's no specific information about Alchemy Account Kit's roadmap for supporting IndexedDB stampers in the @account-kit/signer package. The current implementation appears to rely on the iframe-stamper approach, which is causing the Safari compatibility issues you're experiencing.

I think contact Alchemy Support (support@alchemy.com) - Since this is a critical compatibility issue affecting Safari users reach out to Alchemy's engineering team directly to inquire about.

Thanks for the comment — really appreciate it.

I've reached out to Alchemy Support via email to follow up on this issue, especially regarding potential support for indexeddb-stamper in @account-kit/signer.

Will update this thread if I receive any meaningful response.

[syuhei176]

Just heard back from Alchemy Support — they confirmed that indexeddb-stamper is not currently supported in the Account Kit SDK, but improving session persistence is on their roadmap.

They mentioned they're actively exploring ways to integrate mechanisms like indexeddb-stamper or similar approaches to improve reliability, especially for iOS and Safari users.

Really appreciate the update from the team, and looking forward to the improvements!

[Rahul-Roy-Hub]

Thanks so much for the update and for confirming this. It's great to hear that improving session persistence is on the roadmap, and that you're exploring solutions like indexeddb-stamper or similar mechanisms. We definitely look forward to seeing these improvements, especially for enhanced reliability on iOS and Safari. Appreciate the team's efforts.