SSR State Management for session
Answered
Southeastern blueberry bee posted this in #help-forum
Southeastern blueberry beeOP
hi im trying to share session details accross pages and server component on ssr step using a global state management lib without sharing the same state between several users and without doing props drilling.
is there a recognized way to do this? I've seen that zustand allows it but there are security problems because the state is shared between all requests
Thank you
is there a recognized way to do this? I've seen that zustand allows it but there are security problems because the state is shared between all requests
Thank you
Answered by B33fb0n3
One solution would be to use JWT as auth method. That will sign a json object, that is saved on the client. The client can't modify it, but you can access it everywhere (serverside & clientside). Because it's handled clientside, you don't need to request your server nor your data source. You can just ask the client what the saved values are 👍
10 Replies
Southeastern blueberry beeOP
i know that mutating the state on ssr is not possible im just talking about the initial rendering when request is used for determining session
@Southeastern blueberry bee hi im trying to share session details accross pages and server component on ssr step using a global state management lib without sharing the same state between several users and without doing props drilling.
is there a recognized way to do this? I've seen that zustand allows it but there are security problems because the state is shared between all requests
Thank you
One solution would be to use JWT as auth method. That will sign a json object, that is saved on the client. The client can't modify it, but you can access it everywhere (serverside & clientside). Because it's handled clientside, you don't need to request your server nor your data source. You can just ask the client what the saved values are 👍
Answer
Southeastern blueberry beeOP
@B33fb0n3 auth is handled by external service (tmdb) not mine
on auth user is redirected to some tmdb page and he will be asked to approved
Southeastern blueberry beeOP
I just seen that is a duplicate of the prev issue my bad 😂
Southeastern blueberry beeOP
@B33fb0n3 sorry to bother you with this but since the cookie including account details have httpOnly set to true, how can i read username... from client side ?
@Southeastern blueberry bee <@301376057326567425> sorry to bother you with this but since the cookie including account details have httpOnly set to true, how can i read username... from client side ?
I can only speak for next-auth (because I only use that) and with that I can get the account details directly though:
I don't know how you need to do it, when you using an external backend
const session = useSession(); // session with user dataI don't know how you need to do it, when you using an external backend
Southeastern blueberry beeOP
I ended up creating a session endpoint that decodes and sends account details from the jwt. This endpoint is called by my layout, which then initializes a global store to tshare account details on the client side.