https://supertokens.com/ logo
Join Discord
Powered by
I am running NextJS with an Express API on a separ...
# support-questions-legacy
r
I am running NextJS with an Express API on a separate server. Is there a way for me to get the user session inside getServerSideProps in my NextJS application? I have tried following the NextJS specific directions for getServerSideProps but it always comes back unauthorized. Any advice? I'm thinking I need to use the SDK inside getServerSideProps which is fine but how do I get the user id or session id so I can check if they have a valid session? My goal is to redirect to a different page if the user is authenticated. My api is running on api.example.com and app on app.example.com on my localhost by adjusting my etc/hosts. I get a session on first page load after logging in, if I refresh the page then it fails with the UNAUTHORIZED error triggering an infinite refreshing loop.
r
Hey @robottonyc are you sharing the session across the sub domain?
r
Hi, yes I am. I have the cookieDomain set in the config of my express api instance, and the backendConfig of the nextjs instance
r
Right. In that case, when you do a browser navigation, does the access token cookie get sent in the request?
r
I'm thinking not unless it is that ajs_anon one
but all my api requests to the api server work
r
Huh. That’s strange. GetServerSideProps is called during page navigation right?
So in that case, how do you have an authorization header?
r
oh sorry that was not on the page with getserversideprops
r
Right. You are facing an issue with getServerSideProps right?
r
yes that is correct.
r
I think I know the issue
You are using header based auth
Instead, use cookie based auth
r
yes that is correct
r
That should fix the issue
r
I needed to switch to header based auth because I have an api that is shared by 2 tenants
r
Righttt
r
I was running into interfering sessions
r
So this is a problem
So one solution could be
r
Okay, the SSR isn't critical to me right now, I was wanting to use it to redirect to a different page under certain circumstances.
r
Hmm
r
I can redirect client side
r
I think the st-access-token cookie will be sent in the request during ssr right?
Cause that’s a frontend cookie that’s set for header based auth
So you could manually read that during ssr and pass that into getSessionWithoutRequestResponse function
r
let me look for that in the req headers
yup I have st-access-token, sFrontToken and st-refresh-token
I'm just trying to track down documentation on the function
r
r
okay sweet yeah I tracked that down. Just trying to figure out what to put for the antiCssrfToken and options
oh those are optional args. BOOM that worked!
thank you so much!
r
👍
r
Fantastic support. I always try to bang my head against the wall for a couple days before I hang my head in shame. Thank you for getting me off the ground.
r
Happy to help 🙂
2 Views
PreviousNext
Powered by