Next-auth: getSession on server side: calling the API is a huge design issue

Created on 10 Dec 2020  路  3Comments  路  Source: nextauthjs/next-auth

Describe the bug
The code for getSession, on server side, is calling the API

This a bad idea for a lot of reasons:

  • maybe the server is not allowed to make such requests
  • maybe the API is not available (at startup for instance?)
  • it increases the process and bandwidth usage for no reason
  • and the worst thing: if the API updates the cookie there, it will not be reflected in the browser as the request was originated by the server...

Expected behavior
getSession on server side should take request, response and options, and handle the job without any HTTP request.

enhancement help wanted
Source
picture fromi

Most helpful comment

Please keep in mind that we are an open source organization, working on this project in our free time as well. We solely rely on the community to help us out where they can.

I am going to take up this topic the next time I chat with @iaincollins to figure out what we can do here. Thanks for the feedback, it's really helpful!

Regarding TypeScript, again we welcome eager community members to help out pushing stuff they need faster. 馃槉

picture balazsorban44 on 11 Dec 2020
👍2

All 3 comments

Hi there! Do you maybe have a suggestion for improvement? If so, we welcome PRs 馃槉

balazsorban44 picture balazsorban44 on 10 Dec 2020

I bet you do :) Unfortunately I have 0 revenus as long as my personal projet does not land (https://game-park.com/), so for now I cannot afford to spend a couple of weeks on another project... but I hope I can do it later on.

Some thoughts though:

  • in order to be able to keep a single function getSession that can be use on both side, we need a way to use runtime imports in the framework (using require('...') on another file). Without runtime imports, the client starts on depending on libraries only available on server side (like 'fs').
    I tried it and it does not work after the build with current build configuration.
  • The way the "options" object works on server side (injection in API routes only) makes it currently very hard to reuse elsewhere. This should also be refactored into something more reusable.

Also, if the Typescript migration pull request could be integrated, it would be great ;)

fromi picture fromi on 11 Dec 2020

Please keep in mind that we are an open source organization, working on this project in our free time as well. We solely rely on the community to help us out where they can.

I am going to take up this topic the next time I chat with @iaincollins to figure out what we can do here. Thanks for the feedback, it's really helpful!

Regarding TypeScript, again we welcome eager community members to help out pushing stuff they need faster. 馃槉

balazsorban44 picture balazsorban44 on 11 Dec 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

benoror picture benoror  路  3Comments
iaincollins picture iaincollins  路  3Comments
eatrocks picture eatrocks  路  3Comments
dmi3y picture dmi3y  路  3Comments
ghoshnirmalya picture ghoshnirmalya  路  3Comments