Next-Auth logout in server component (account deleted)
Unanswered
Matt posted this in #help-forum
Matt (OP)
I have server components calling my rest API and passing along the next-auth JWT. When an account is deleted, the API returns 404 to /users/current which I'd like to trigger deleting the session so they can make a new account or sign in to a different one. Any thoughts on an idiomatic way to do this?
22 Replies
Matt (OP)
That's a server action which you presumably have called by a form/user input. This is if the user has their account deleted (e.g. by a moderator), not triggered by a server action 😦
true
so what's the issue?
Matt (OP)
I can't call logout from a server component in response to 404 from my API because cookies can't be set there apparently
Maybe I need to do some middleware stuff?
you need to log someone out?
and your auth is using JWT?
Matt (OP)
yes
you can't log someone out if you're using jwt
that's a given disadvantage of jwt
this is possible if you are checking session id in a database for every auth check therefore someone signed in can be logged out since their session no longer exists in the database.
the state of jwt is stored in the user's browser as opposed to the database. therefore you can't tell a specific computer to clear the state
Matt (OP)
I just want to delete the session in the browser.
yes you can't tell someone else's computer to "delete the session in the browser"
like i said, it's possible if you store the user's session not only in the browser, but also in the server
server can't request client what to do, unless a websocket connection is established
like if a moderator deleted another user's account, that moderator can't force logout on that user
the deleted user needs to trigger the checks first/make a request first
Pavement ant
I think cookies might help you instead of jwt in middleware