Question: Does Iron-session work with Next App Router? #594
Comments
|
Not yet finalized still in beta, check |
|
Could this be the reason I'm getting: when trying to apply the redirection from I'm using Nextjs 13 |
|
it was actually the wrong import of |
|
How would I migrate using serversideprops and withIronSessionSsr in nextjs pages router to nextjs app router? |
|
I recently migrated an application to the app router, the import { unsealData } from 'iron-session/edge';
import { cookies } from 'next/headers';
export default async function Page() {
const cookieStore = cookies();
const encryptedSession = cookieStore.get('name-of-your-cookie')?.value;
const session = encryptedSession
? await unsealData(encryptedSession, {
password: 'your-password',
})
: null;
return <div>{session ? session.some_value : 'not authenticated'}</div>;
}Creating the session can be tricky since you need to set the encrypted session with a cookie header either in a route handler or a middleware. import { sealData } from 'iron-session/edge';
// endpoint to log in a user
export async function POST() {
const session = JSON.stringify({
userId: 1,
name: 'john doe',
});
const encryptedSession = sealData(session, {
password: 'your-password',
});
return new Response('ok', {
status: 200,
headers: { 'Set-Cookie': `name-of-your-cookie=${encryptedSession}` },
});
} |
|
What do you do with your returned Response with the headers cookies from your second code snippet of the API route handler? How do you get the encrypted session cookies in the returned response to the client cookie store that you then access in the first code snippet? |
The route handler execution finishes, and the browser receives the response, it notices it has a
The browser attaches the cookies to the request meaning that you can access that information when processing it. In Next.js case, it receives the request (with the session cookie included) and automatically provides different ways to read the value, for example the Hope it helps, it's a good idea to review how cookies work in general. |
|
I expect the cookies to be assigned to the cookie storage on the client-side browser (which you can see by Inspecting page, going to the Application tab, and looking under the cookies tab) automatically once a Response with the appropriate set cookie headers is returned I cannot get this to work with my server actions. However, when I turn off server actions by removing the experimental server action flag in my config and removing the 'use server' tag in the file of my function where I call the API route handler, it works. How did you get it to work with server actions? Or are you not using server actions? |
|
It is working just fine for us using it in the app dir with api routes. Followed info here: #586 |
|
how would I handle the cookie "name-of-your-cookie" providing a value of [object promise] ? |
Likely you didn't await the promise when retrieving the value to be set in the cookie. |
|
Requests and responses used in getIronSession are only used to set and get cookies, I think it makes sense to provide callback options that accept a cookie setter and getter instead of request and response, since it's always easy for user to create a custom instance that uses request and response for cookie operations anyways. At the same time since this is a small utility library I think it's not too difficult to fork and replace the usages of Just some personal insights, but I do always prefer a thoroughly tested and used codebase and not reinventing. So I think this functionality is better implemented in the main repo. Adding optional callbacks to be used isn't breaking and provides better flexability for rsc |
|
Hey everyone 👋 I have Iron Session now fully working with support for NextJS App Router and Server Actions. The feature update is provided with documentation and a working example application. Please refer to my comment under the Roadmap v8 issue thread for it, being available as a pull request. I would love your support in getting this PR approved so that we can complete the V8 branch to be pushed into the main branch to have Iron Session with App Router available for everyone to use. |
|
you can use import {cookies} from 'next/headers';
import { unsealData } from 'iron-session';
import { AuthContextProvider } from "~/components/AuthProvider";
export default async function RootLayout({
// Layouts must accept a children prop.
// This will be populated with nested layouts or pages
children,
}: {
children: React.ReactNode,
}) {
let session:SessionPayload|undefined = undefined;
if(cookies().has('sid')){
const sid = cookies().get('sid');
if(sid!==undefined && process.env.COOKIE_SECRET ){
const unsealed = await unsealData<{ session: SessionPayload }>(sid.value,{ password: process.env.COOKIE_SECRET });
session = unsealed.session;
}
}
return (
<html lang="en">
<body>
<AuthContextProvider session={session}>
{children}
</AuthContextProvider>
</body>
</html>
)
} |
|
Hey there, iron-session v8 is live now 👍 https://github.com/vvo/iron-session and compatible with app router. We even have demos: https://get-iron-session.vercel.app/ Good luck. |
I noticed that all the iron-session examples use the pages router for api routes. Tried some experimenting getting the api requests into the app router instead of pages router. Is this possible, or does it need to be a new feature added?
BTW, I love the library so far, and I would love to help if needed.
The text was updated successfully, but these errors were encountered: