Stateless session management in NextJS
Unanswered
Florida White posted this in #help-forum
Florida White (OP)
Hi,
I am working with a Next.js frontend where access and refresh tokens are stored in secure, HTTP-only cookies on the server side.
My application consists of three services: an auth server, a frontend, and a backend.
Currently, only the frontend checks for authentication.
However, I want the backend to also verify whether a user is authenticated when it receives a request from the frontend.
Here’s the problem I am trying to solve:
Initial page data is loaded via server components (on the server).
Client-side interactions (e.g. for CRUD operations) also fetch fresh data.
I want both types of requests, server-side and client-side, to automatically include the session cookie, so that the backend can validate the session for each request. Tried it inside the middleware already.
What I am looking for is:
A best-practice approach to session management in Next.js for this architecture.
What’s the recommended way to implement this?
5 Replies
I just recommend you either use better-auth or see the Lucia auth guide.
Bombay
@Florida White I'm kinda on a similar problem atm, check my post that I posted 2 min ago
you can honestly just use iron-session
this lets you have cookie based sessions and you can read them server-side
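Added example, not part of the thread and not taken from better-auth, Lucia or iron-session: a sketch of how the backend in the three-service setup from the question could validate a session statelessly from the `Cookie` header it receives, whether the request comes from a server component or from the browser. The token format (`payload.signature`, Ed25519-signed by the auth server), the cookie name `session` and the helper names `issueToken`, `readCookie` and `verifySession` are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const SESSION_COOKIE = "session"; // assumed cookie name, not taken from the thread

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Auth-server side (hypothetical helper): sign {sub, exp} with the private key.
function issueToken(payload, privateKey) {
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign(null, Buffer.from(body), privateKey); // Ed25519
  return `${body}.${b64url(sig)}`;
}

// Pull one cookie value out of a raw Cookie request header.
function readCookie(header, name) {
  for (const part of String(header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Backend side: needs only the public key and no session store.
// Returns the payload, or null for a missing, forged, malformed or expired session.
function verifySession(cookieHeader, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const token = readCookie(cookieHeader, SESSION_COOKIE);
  if (!token) return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body, sigPart] = parts;
  const sig = Buffer.from(sigPart, "base64url");
  if (sig.length !== 64) return null; // Ed25519 signatures are 64 bytes
  if (!crypto.verify(null, Buffer.from(body), publicKey, sig)) return null;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!payload || typeof payload.exp !== "number" || payload.exp <= nowSeconds) return null;
  return payload;
}

// Constructed demo: a throwaway key pair and a token valid for five minutes.
const demoKeys = crypto.generateKeyPairSync("ed25519");
const demoToken = issueToken({ sub: "user-1", exp: Math.floor(Date.now() / 1000) + 300 }, demoKeys.privateKey);
console.log(verifySession(`theme=dark; ${SESSION_COOKIE}=${demoToken}`, demoKeys.publicKey));
```

Because the backend holds only the public key, it can check every request without calling the auth server and without being able to mint sessions itself.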