Guide on handling protected SSR api requests #334

Closed
uptownhr opened this issue Mar 2, 2017 · 4 comments

@uptownhr

uptownhr commented Mar 2, 2017

A bit tricky of a question but here's the scenario. Also, sorry for posting here if not the correct project. Wasn't sure which repo to post under.

Using Nuxt with Express

  • Using Express Sessions
  • You have protected routes that lookup session to allow access
  • From a Nuxt page component, you use fetch(), or other server side hooks, to hit the protected route for data.

This works without an issue from the browser's point of view as cookie/session can be detected. However, when the fetch hook is triggered from the server, cookie/session is lost. Following https://nuxtjs.org/examples/auth-routes/ is insufficient.

i.e., if your protected route looks like

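module.exports = function (req, res) {
  // Reject any request that carries no authenticated session
  if (!req.session.user) return res.status(401).send('not logged in')
  // ...handle the authorized request here
}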

Nuxt renderer will throw a 401 error as the hook call to the protected route will not contain the user session.

There are many solutions/workarounds here

  • Not using sessions and turning to stateless tokens
  • Not calling protected routes from server
    • using isServer flag
    • using the mounted hook instead

There may be others but probably in the realms of either or.

  1. The token solution works but is not straightforward, and it would probably be worthwhile to have examples for people to follow and set up.
  2. Not using protected routes from the server is a simple workaround but limits SSR on protected pages. From an SEO standpoint, this is completely fine and probably the use of SSR in the first place. Still not ideal.
This question is available on Nuxt.js community (#c285)
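
The failure described in the post above, and one way to avoid it by forwarding the page request's Cookie header on server-side calls, as an added example that is not part of the original thread or the Nuxt project's code. The cookie name `sid`, the session store, `APP_ORIGIN`, and the helper names `loadSession` and `ssrHeaders` are assumptions; a real setup would read the incoming request that Nuxt hands to server-side hooks and rely on express-session's signed cookie.

```javascript
// Constructed sample data: an in-memory session store keyed by session id.
const SESSIONS = { abc123: { user: 'alice' } };
const APP_ORIGIN = 'http://localhost:3000'; // assumption: API served by the same Express app

// Simplified stand-in for express-session: resolve the session from the Cookie header.
function loadSession(headers) {
  const match = /(?:^|;\s*)sid=([^;]+)/.exec(headers.cookie || '');
  return (match && SESSIONS[match[1]]) || {};
}

// The protected route from the issue, returning a result object instead of writing to res.
function protectedRoute(req) {
  const session = loadSession(req.headers);
  if (!session.user) return { status: 401, body: 'not logged in' };
  return { status: 200, body: `hello ${session.user}` };
}

// Build headers for an API call made during server-side rendering.
// The Cookie header is copied from the incoming page request only when the
// target is the app's own origin, so the session cookie never reaches other hosts.
// Call this per request; never cache the result on a shared HTTP client.
function ssrHeaders(incomingReq, targetUrl) {
  const headers = {};
  const sameOrigin = new URL(targetUrl, APP_ORIGIN).origin === APP_ORIGIN;
  if (incomingReq && incomingReq.headers.cookie && sameOrigin) {
    headers.cookie = incomingReq.headers.cookie;
  }
  return headers;
}

// Constructed page request, as the browser sent it to the Nuxt server.
const pageRequest = { headers: { cookie: 'theme=dark; sid=abc123' } };

// 1. Server-side call with no headers: the route cannot see the session.
const bare = protectedRoute({ headers: {} });
// 2. Server-side call with the cookie forwarded: the route sees the session.
const forwarded = protectedRoute({ headers: ssrHeaders(pageRequest, '/api/me') });
// 3. Call to another origin: the cookie is withheld.
const external = ssrHeaders(pageRequest, 'https://example.com/data');

console.log(bare.status, forwarded.status, Object.keys(external).length);
```

Setting the forwarded cookie as a default on a module-level HTTP client would attach one user's session to other users' server-side renders, which is why the headers are built per request here.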
@pyramation

pyramation commented Mar 11, 2018

This is seemingly still an issue that's not documented? I'm happy I searched and stumbled into a closed issue that looks unresolved - at least I'm not alone ;)

@walter0331

I just ran into this issue today and was scratching my head for hours, trying to figure out why Express loses the session on SSR. :(

@uptownhr
Author

JUST FYI: I have transitioned to using JWT tokens. Makes it much simpler to not have to deal with sessions.

@lock

lock bot commented Nov 1, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Nov 1, 2018
@danielroe danielroe added the 2.x label Jan 18, 2023