I followed the guide for refresh token rotation and it is working for me. When I fetch the session from my Next frontend it does correctly refresh the token if needed. I've found, however, that if I close out my site's tab in my browser while the token is valid and then open a new one later, that authjs seems unable to refresh the auth token. My server console log tells me that the refresh token it is using does not exist. This only happens, however, if the site was not open in my browser when the session expired.

I am attempting to fetch the user session using getSession() on the client. Is this the expected behavior of authjs? Do I need to store the refresh token somewhere client-side? This seems wrong but I am uncertain.