Your question
Am I missing a critical step in how server-side redirects are handled, or how the login redirect callback works? Issue below.
What are you trying to do
Trying to protect a route by checking for a session on the server, and manually redirecting if there isn't one. Most of the time this works perfectly fine.
However, if I'm on the protected page when the JWT expires and I get redirected to login, after the login is successful I get stuck in an infinite loop of constantly having to log in and getting redirected to the login page. This happens with both OAuth and email login. If I manually re-type the URL I'm supposed to redirect to, or any other URL within my app, the session works again as expected. But the login redirect fails every time, until manually going to a new URL seems to "fix" it.
Code:

Hmm, it sounds like something naughty is getting set as a value in the callbackUrl cookie. We might need to (a) clear this cookie after use and (b) make sure it can't be something like the sign-in page (if that happens somehow).
If you happen to notice anything about this please do share, otherwise will try and think of defensive things we can do to try and prevent it from being triggered.
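A sketch of the two defensive measures suggested in the comment above, as an added example that is not next-auth's own code: the stored callback URL is read once and then cleared, and it is accepted only if it is same-origin and does not point back at the sign-in page. The names `safeCallbackUrl` and `consumeCallbackUrl`, the base URL, the sign-in path and the plain-object cookie jar are all assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of next-auth.
// BASE_URL and SIGN_IN_PATH are constructed values for illustration.
const BASE_URL = "https://app.example.com";
const SIGN_IN_PATH = "/api/auth/signin";

// Return a redirect target that is safe to use after login, or the site root.
function safeCallbackUrl(candidate, baseUrl = BASE_URL, signInPath = SIGN_IN_PATH) {
  const fallback = new URL("/", baseUrl).toString();
  if (typeof candidate !== "string" || candidate.length === 0) return fallback;

  let target;
  try {
    // Relative values resolve against the site; absolute values are parsed as-is.
    target = new URL(candidate, baseUrl);
  } catch {
    return fallback; // unparseable value
  }

  // Same-origin only: rejects other hosts, "//host" forms and non-http schemes.
  if (target.origin !== new URL(baseUrl).origin) return fallback;

  // Never send the user back to the sign-in page, which would restart the loop.
  const path = target.pathname.replace(/\/+$/, "") || "/";
  if (path === signInPath || path.startsWith(signInPath + "/")) return fallback;

  return target.toString();
}

// Read the stored value exactly once, then clear it (point (a) in the comment).
// `cookies` is a plain object standing in for the real cookie store.
function consumeCallbackUrl(cookies, name = "callbackUrl") {
  const value = cookies[name];
  delete cookies[name];
  return safeCallbackUrl(value);
}
```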
My current solution is to check for session on the server, but do the redirect on the client if necessary. I'll dig into this a little bit more soon, and let you know if I find anything.
I had the same problem a few days ago. Then I added this line into current nginx config:
location / {
    ...
    add_header Cache-Control 'max-age=0';
    ...
}
And it worked!
Hey @iaincollins, do you have any idea from my fix?
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. Thanks!
Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!