Difference between iron-session and next-auth?

2

7

Why would one use iron-session instead of next-auth? Doesn't next-auth do normal username/password log-in in addition to Social (while iron-session only does the former)?

Bawdyhouse answered 3/6, 2022 at 2:58 Comment(1)
Hi Dimitri, what did you end up using and does it work well? - Beadruby
11

next-auth does a lot of things like you said but it also makes you do things their way. So you have to model your database a certain way to make next-auth work but it does come with a lot of helper functions and makes you write a lot less code.

iron-session only does session management. You have to write all the auth logic with iron-session which next-auth handles for you automatically.

As far as which one is better: if you'd like complete control over your database then use iron-session, because sometimes next-auth might not work and it's annoying. I faced an issue with it so I ditched it, but it just might work for you. iron-session gives full control but you have to write the correct code. Personally, I'm facing issues with iron-session as well with the useUser hook because I have to use react-query and not swr, but it's probably my issue.

Garcon answered 5/6, 2022 at 7:17 Comment(7)
Does iron-session act more like a JWT implementation? From the tutorials I've seen, it seems like the session info is encrypted and saved in the cookie value itself (using req.session.save()), and not in a database, which you can do with next-auth using the database option in config. - Bawdyhouse
@DimitriBorgers iron-session is just session storage. You have to connect your own database. With next-auth, it automatically handles the database for you as well when logging in and logging out or checking if a private page has a session key, because it has methods for it. With iron-session, when you log in, you have to use .save() to store the session. When you log out, you have to use the .destroy() method. Highly recommend checking out the official example → github.com/vercel/next.js/blob/canary/examples/… - Garcon
For the difference between iron-session and JWT, read this straight from the author, and why JWT is a bad default by another guy. - Garcon
Thanks! To confirm, iron-session requires you to have a DB to store a user's credentials (allowing authentication when a user logs in), but the session itself isn't stored in a database, but in the encrypted cookie itself? - Bawdyhouse
From the library itself: The session data is stored in encrypted cookies ("seals"). And only your server can decode the session data. There are no session ids, making iron sessions "stateless" from the server point of view. - Garcon
Can I use a Laravel backend with Next? I don't see that next-auth supports a MySQL DB. Is it a good practice to use a Laravel backend with Next? - Committal
@Committal You should probably ask a separate question rather than asking on a totally unrelated issue. But to answer your question, I don't use or like hybrid backends. Next.js is not a frontend framework but a full-stack framework, so frontend and backend both work. So you may be able to use it, but try asking a separate question to be sure, although I'd go with what I know best, either Laravel completely or just Next.js, definitely not both. - Garcon
2

iron-session is a lightweight library. It is simply used for session management. A session is not related only to authentication. For example, maybe you want to sign some data on one API endpoint, attach the signed data to req.session, and you still need to reach this data on a different API endpoint. iron-session stores the data in the encrypted cookie and saves it to the browser. From here:

Node.js stateless session utility using signed and encrypted cookies to store data. Works with Next.js, Express, and Node.js HTTP servers.

The session data is stored in encrypted cookies ("seals"). And only your server can decode the session data. There are no session ids, making iron sessions "stateless" from the server point of view.

On the other hand, next-auth is a more robust authentication package. As the name next-auth says, it is dedicated to authentication. It has too many authentication methods. It creates a session specifically for the user's login.

Pironi answered 12/2, 2023 at 20:16 Comment(1)
Which one will you recommend, Yilmaz? - Beadruby
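
The "seal" behaviour quoted from the iron-session README in the answers above, shown as an added example that is not part of any answer and is not iron-session's own code or cookie format. It uses Node's built-in crypto (AES-256-GCM with an scrypt-derived key, chosen here as a stand-in); the names seal, unseal and demo, the cookie layout and the sample passwords are assumptions made for illustration.

```javascript
// Added example: stand-in for a sealed session cookie, NOT iron-session's own seal format.
const nodeCrypto = require('node:crypto');
// Key comes from a server-only password; the per-cookie salt travels inside the cookie.
const deriveKey = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// seal(): encrypt and authenticate the session object; the result is the cookie value.
function seal(data, password, ttlSeconds, now = Date.now()) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = JSON.stringify({ data, exp: now + ttlSeconds * 1000 });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64url')).join('.');
}

// unseal(): returns the session data, or null if tampered, sealed with another key, or expired.
function unseal(cookie, password, now = Date.now()) {
  const parts = String(cookie).split('.');
  if (parts.length !== 4) return null;
  const [salt, iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64url'));
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
    d.setAuthTag(tag);
    const body = Buffer.concat([d.update(ct), d.final()]).toString('utf8');
    const { data, exp } = JSON.parse(body);
    return now < exp ? data : null;
  } catch {
    return null; // authentication failed: modified cookie or wrong password
  }
}

// Constructed sample session and passwords; fixed clock so results are repeatable.
function demo() {
  const password = 'constructed-demo-password-at-least-32-chars';
  const t0 = 1_700_000_000_000;
  const cookie = seal({ userId: 42, role: 'user' }, password, 3600, t0);
  const parts = cookie.split('.');
  const ct = Buffer.from(parts[3], 'base64url');
  ct[0] ^= 1; // one flipped ciphertext bit, as a client editing its cookie would produce
  const tampered = [...parts.slice(0, 3), ct.toString('base64url')].join('.');
  return {
    valid: unseal(cookie, password, t0 + 1000),
    tampered: unseal(tampered, password, t0 + 1000),
    wrongKey: unseal(cookie, 'constructed-password-of-another-server', t0 + 1000),
    expired: unseal(cookie, password, t0 + 3601 * 1000),
    copyAfterLogout: unseal(cookie, password, t0 + 2000), // no server state to revoke it
  };
}
console.log(demo());
```

In this stateless design, clearing the cookie in the browser does not invalidate a copy of its value: only the expiry or a password change stops that copy from unsealing.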
