Session refresh on the server

petrgazarov

04/23/2023, 7:28 AM
Hi 👋. I'm setting up SuperTokens with Next.js for the first time and have a basic question. In the SSR setup (https://supertokens.com/docs/thirdparty/nextjs/session-verification/in-ssr), the "needs-refresh" prop is added so that it would "force the frontend to try and refresh". Is there a way for this to be done on the server? If done on the FE, I think that means SSR isn't really working as it should.

rp

04/23/2023, 7:34 AM
Hey @petrgazarov
The refresh token is only stored on the client side. Therefore the refreshing request has to be initiated on the client.
SSR would still be happening on the server though.

petrgazarov

04/23/2023, 7:43 AM
By SSR I mean that the browser would receive a blank page (since I'm doing this to prevent a flash on the FE:
if (pageProps.fromSupertokens === 'needs-refresh') {
  return null;
}
). The redirect to auth from there (and the rendering of the login page) happens in the browser, I think.
It would be nice if the redirect happened on the server so that the server can actually render the auth page and return it back to the browser. Just a hot take, no idea if this is even possible.

rp

04/23/2023, 7:45 AM
Right yea. That’s in case the session doesn’t exist.
Well, the refresh token is stored on the client, so the server doesn’t really have a way to know for sure if the refresh token exists or not

petrgazarov

04/23/2023, 7:46 AM
Gotcha

rp

04/23/2023, 7:47 AM
You could always hack around and set some custom cookie which is set post login and removed on logout
And then the server could see if this cookie exists, and if it does, send the refresh error to the frontend (the current flow)
Else directly redirect the user to the login page
Actually, now that I think of this
If the sAccessToken cookie is in the request, you could safely assume that the refresh token exists on the frontend, else not
So if the getSession fails, and if the sAccessToken is not in the request object, you can directly redirect to the login page

petrgazarov

04/23/2023, 7:50 AM
Good to know! Thanks
I added the following to getServerSideProps:
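// No sAccessToken cookie in the request: redirect to the login page from the server.
if (!context.req.cookies['sAccessToken']) {
  return {
    redirect: {
      // Encode the path so its own query string survives as a single parameter value.
      destination: `/auth?redirectToPath=${encodeURIComponent(context.resolvedUrl)}`,
      permanent: false,
    },
  };
}

// rest of the code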
and now the server responds with 307 Temporary Redirect when the user is logged out 👍.

rp

04/23/2023, 8:05 AM
Yup. This works.

petrgazarov

04/23/2023, 8:05 AM
I noticed that the built-in /auth page is rendered entirely on the client (the server response is blank). Is there a way to make that page be rendered on the server?

rp

04/23/2023, 8:06 AM
That’s not possible as of today unfortunately. We will be working on it in the coming months.
You always have the option to build your own login UI

petrgazarov

04/23/2023, 8:06 AM
Okay, sounds good!