How does Next-auth store session?

About

Asked 26/7, 2022 at 18:52 Answered 20/12, 2023 at 13:52

I have a Next.js project with next-auth hooked up. But I'm confused on how next-auth store sessions.

On my Chrome cookie, I found this session-token: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..3_1xKir8Uf2dwky2._druNa1meJemDgeeYw5o6S840s_sW4DShuEu1w34RVAe8cyHm8-ryK5smM1ecKo1KZ_2faPUNpQTwMEUr-AW0Lo_0Oei_n9VIu7xTSET6W0ANdrL2Xg9ZUG9EziZYaW0VFEu.nPkQMkGcrvFRN5BIVvG_ng, but its payload is empty.

So my question is:

How is sessionId stored on the client side?
Does it store only the sessionId or full session data?
If it only stores the sessionId on client side, then does server-side manages session sharing on multi instances like serverless by default? I'm going to deploy it on Vercel.

Deena answered 26/7, 2022 at 18:52 Comment(4)

When not using a database, next-auth stores the JWT session token in a server-readable-only cookie. See the "What are the advantages of JSON Web Tokens?" section in next-auth.js.org/faq. – Petterson 27/7, 2022 at 21:35

@Petterson in this case, I believe it stores full session data in the JWT token? then how come my JWT token's payload is empty ? – Deena 28/7, 2022 at 22:27

I'm asking myself the same question @Mars. Did you ever find an answer? – Infantile 13/12, 2023 at 13:33

@Infantile nope. my understanding is you either store all session data in token or some single instance thing on server side. – Deena 14/12, 2023 at 0:3

If we check the next auth documentation, we find that the token is only used for validation in the request that returns the user, see:

https://next-auth.js.org/getting-started/client#getsession

Ru answered 20/12, 2023 at 13:52 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags