authentication - NextJS midleware flow of cookiesheaders - Stack Overflow

admin管理员组

文章数量:1399251

I have a confusing situation with NextJS and session cookies and middleware, the flows are:

• New user hits site -> middleware creates a new anon session token and sets the set cookie header in the response -> page is rendered and looks for the cookie (and usually finds it...! which is not expected?)
• Existing user hits site -> middleware checks session token validity and optionally refreshes it if possible -> page is rendered

Now I am getting a load of weird errors here that I am finding really hard to reproduce:

1. Ocasionally I am seeing an error in the logs that a session token could not be found by the page and so it fails to render (seems to be limited to being hit by bots but why!?!?). I have tested hitting the site directly with curl and it seems to work fine.
2. Users are sporadically getting 401 errors, when I delved deeper the session token was either missing or had expired, perhaps corrupted tokens.

If anyone has any insights into the expected flow of data in the request and response between NextJS middleware and pages I would love to know what is actually expected to happen here.

本文标签： authenticationNextJS midleware flow of cookiesheadersStack Overflow