Is storing user information on session callback a good approach?
Answered
Checkered Giant posted this in #help-forum
Checkered GiantOP
At the moment, when the user signs in using next-auth, I am returning the user info from the database and storing it in a session variable.
Are there any issues doing this?
This way I avoid having to fetch the user again.
Thank you!
Example
```
async session({ session, token, user }) {
  console.log('session callback, print token');
  console.log(token);
  if (token.email) {
    // Look the user up by the e-mail in the token; create the record on first sign-in.
    let dbUser = await getUserByEmail(token.email);
    if (!dbUser) dbUser = await createUser(token.email);
    // Attach the DB record to the session object that is returned.
    if (dbUser) session.dbUser = dbUser;
    else session.dbUser = undefined;
  }
  return session;
},
```
Answered by Anay-208
There are no issues, as long as you verify the user before they do an action requiring authorization.
However, if the user data in the DB is updated, like if the account is deleted, it's best not to do it, or to revalidate the data.
6 Replies
Checkered GiantOP
Hmm thanks!
This is what I'd be doing, for example, when creating a new post.
If the user deleted the account then yes, I'd update the session variable; basically, for any user action that changes their info in the DB, I'd update the session variable.
mark my message as a solution by right clicking, apps, mark solution
Checkered GiantOP
The approach below on the screenshot is OK, correct? I'm checking getting the user info from the session.
I can't determine it as there is not much code
I would recommend fetching the data and applying caching to that fetch. With your approach you are going to start running into issues once a user logs in from multiple devices
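
An added example, not code from the thread or from next-auth: it contrasts a `dbUser` copy stored in the session with re-reading the user through a short-lived cache before an action that needs authorization. The in-memory `db`, the helpers `getCurrentUser`, `invalidateUser` and `createPost`, and the 5-second TTL are all assumptions made for illustration.

```javascript
// Constructed in-memory stand-in for the database; all names here are hypothetical.
const db = new Map([['a@example.com', { id: 1, email: 'a@example.com' }]]);
async function getUserByEmail(email) { return db.get(email) ?? null; }

// Short-TTL cache: repeated checks skip the DB, and staleness is bounded by TTL_MS.
const TTL_MS = 5000;
const cache = new Map();
async function getCurrentUser(email, now = Date.now()) {
  const hit = cache.get(email);
  if (hit && now - hit.at < TTL_MS) return hit.user;
  const user = await getUserByEmail(email);
  cache.set(email, { user, at: now });
  return user;
}
// Call from every write path that changes or deletes the user.
function invalidateUser(email) { cache.delete(email); }

// The session supplies only the identity; the record is re-read at the point of use.
async function createPost(session, title, now = Date.now()) {
  const email = session?.user?.email;
  if (!email) return { ok: false, reason: 'unauthenticated' };
  const user = await getCurrentUser(email, now);
  if (!user) return { ok: false, reason: 'account no longer exists' };
  return { ok: true, post: { title, authorId: user.id } };
}

async function demo() {
  const t0 = 1000000; // constructed clock value, in ms
  // Laptop session created at sign-in, carrying a copied dbUser as in the question.
  const laptop = { user: { email: 'a@example.com' }, dbUser: await getUserByEmail('a@example.com') };
  const before = await createPost(laptop, 'first', t0);
  // The account is deleted from another device; the laptop's copy is untouched.
  db.delete('a@example.com');
  const snapshotStillPresent = laptop.dbUser !== undefined;
  // Without invalidation the cached record is served until the TTL runs out.
  const withinTtl = await createPost(laptop, 'second', t0 + 1000);
  const afterTtl = await createPost(laptop, 'third', t0 + TTL_MS + 1);
  // With explicit invalidation the deletion is seen on the next check.
  db.set('b@example.com', { id: 2, email: 'b@example.com' });
  const other = { user: { email: 'b@example.com' } };
  await createPost(other, 'warm cache', t0);
  db.delete('b@example.com');
  invalidateUser('b@example.com');
  const afterInvalidate = await createPost(other, 'fourth', t0 + 1000);
  return { before, snapshotStillPresent, withinTtl, afterTtl, afterInvalidate };
}
```

The TTL is the window in which a deleted account can still act, so it should be sized for the most sensitive action the check protects, with `invalidateUser` called on every write that changes the user.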