Redirecting and reloading on server
Answered
English Angora posted this in #help-forum
English AngoraOP
When a token inside a cookie is expired I know you cannot set the cookie in a page component on the server. I thought of an idea to redirect the user to a route handler /api/drop-cookie where the cookie is set and then redirects them back to their original page. The problem is the page is cached as empty so when they are redirected back to the page they are see an empty page. Is there a way to redirect them to the page but make the user reload when it's redirected from drop-cookie?
Answered by B33fb0n3
Is there maybe a better solution then ...
yes, there is.
the page component checks to see if their token is valid
I wouldn't do this. Instead I would check all the auth stuff inside my middleware. Your middleware checks everything and if new cookies need to be set, the user wasn't even on the page. So you won't have any issues with caching.
What do you think about it?
yes, there is.
the page component checks to see if their token is valid
I wouldn't do this. Instead I would check all the auth stuff inside my middleware. Your middleware checks everything and if new cookies need to be set, the user wasn't even on the page. So you won't have any issues with caching.
What do you think about it?
23 Replies
@English Angora When a token inside a cookie is expired I know you cannot set the cookie in a page component on the server. I thought of an idea to redirect the user to a route handler /api/drop-cookie where the cookie is set and then redirects them back to their original page. The problem is the page is cached as empty so when they are redirected back to the page they are see an empty page. Is there a way to redirect them to the page but make the user reload when it's redirected from drop-cookie?
What about revalidating the page after the cookie is removed?
English AngoraOP
But wouldn’t that delete the cache for everyone?
Actually it’s dynamicly rendered so that should work
I’ll check it out
@English Angora Actually it’s dynamicly rendered so that should work
Yea, normally your cache keys should be unique. Maybe they contain even an unique id inside them, so you can directly revalidate these. Also if you want to revalidate it using revalidatePath, there should be unique dynamic parameters inside the url. So I guess you have plenty of options, to only revalidate the correct page for the specific user
English AngoraOP
revalidatePath did not solve the issue
@B33fb0n3 Here is more detail on how the flow happens. The user has a token and a refresh token which has a year expiration. When the user loads a page, the page component checks to see if their token is valid. If it isn't then it will check the validity of the refresh token. If that is valid we want to update the token, but we can't do that in a page component because of streaming. My solution is to redirect the user to a route handler /api/drop-cookie where the token gets updated based on the refresh token and then get redirected back to the original page, ideally with a new token and a valid page.
What actually happens is that the user is redirected back to an empty page. I think this is caused by some type of cacheing. Cuase it cached the result of the page redirecting the user to the rotue handler, which is just an empty page. then the route handler redirects the user back to an empty page
I tried the revalidation page approach but that didn't work. Is there maybe a better solution then the /api/drop-cookie method or am I just missing somethign?
What actually happens is that the user is redirected back to an empty page. I think this is caused by some type of cacheing. Cuase it cached the result of the page redirecting the user to the rotue handler, which is just an empty page. then the route handler redirects the user back to an empty page
I tried the revalidation page approach but that didn't work. Is there maybe a better solution then the /api/drop-cookie method or am I just missing somethign?
@English Angora <@301376057326567425> Here is more detail on how the flow happens. The user has a token and a refresh token which has a year expiration. When the user loads a page, the page component checks to see if their token is valid. If it isn't then it will check the validity of the refresh token. If that is valid we want to update the token, but we can't do that in a page component because of streaming. My solution is to redirect the user to a route handler /api/drop-cookie where the token gets updated based on the refresh token and then get redirected back to the original page, ideally with a new token and a valid page.
What actually happens is that the user is redirected back to an empty page. I think this is caused by some type of cacheing. Cuase it cached the result of the page redirecting the user to the rotue handler, which is just an empty page. then the route handler redirects the user back to an empty page
I tried the revalidation page approach but that didn't work. Is there maybe a better solution then the /api/drop-cookie method or am I just missing somethign?
Is there maybe a better solution then ...
yes, there is.
the page component checks to see if their token is valid
I wouldn't do this. Instead I would check all the auth stuff inside my middleware. Your middleware checks everything and if new cookies need to be set, the user wasn't even on the page. So you won't have any issues with caching.
What do you think about it?
yes, there is.
the page component checks to see if their token is valid
I wouldn't do this. Instead I would check all the auth stuff inside my middleware. Your middleware checks everything and if new cookies need to be set, the user wasn't even on the page. So you won't have any issues with caching.
What do you think about it?
Answer
English AngoraOP
I was thinking about this
but doesn't it only happen in edge runtime
English AngoraOP
My project is in node.js runntime
I think middleware only works with edge runtime
does your auth provider not support edge runtime?
(next-auth & authjs do)
English AngoraOP
I'm not using an auth provider
@English Angora I'm not using an auth provider
what do you use instead?
English AngoraOP
I'm just using my own that I built for now
Oh ok... then I understand why you have problems... I guess I won't have a solution for that. Sorry
English AngoraOP
I tried to use the middleware
But it's saying edge runtime does not support crypto module
English AngoraOP
middleware worked
Thanks man. What i did was use jose as the jwt libary instead of jsonwebtoken which doesn't work with edgje runtime