[SOLVED] email password session doesn't work in SSR
sounds like client isn't sending the cookie? is it set?
didn't get your qs. what is set?
The cookie
yes it is. here's the code that set's the cookie
const cookieStore = cookies();
for (const cookie of cookiesParsed) {
cookieStore.set(cookie.name, cookie.value, {
domain: cookie.domain,
secure: cookie.secure,
sameSite: cookie.sameSite as any,
path: cookie.path,
maxAge: cookie.maxAge,
httpOnly: cookie.httpOnly,
expires: cookie.expires,
});
}
another thing I just noticed is that I can see all the appwrite cookies from any other route, but can't from middleware. that's weird
How are you extracting the cookie?
a simple example of getting all the cookies
const { cookies } = await import("next/headers");
const cookieStore = cookies();
cookieStore.getAll().forEach((cookie) => {
console.log(cookie);
});
What's your middleware code?
just a simple check for auth status
export async function middleware(request: NextRequest) {
const currentUser = await getCurrentUser();
const path = request.nextUrl.pathname;
/*
If the user is not logged in
and is trying to access an authenticated route,
redirect to the home page
*/
if (!currentUser && AUTH_ROUTES.includes(path)) {
return NextResponse.redirect(new URL("/login", request.url));
}
/*
If the user is logged in
and is trying to access an unauthenticated route,
redirect to dashboard
*/
if (currentUser && UNAUTH_ROUTES.includes(path)) {
return NextResponse.redirect(new URL("/dashboard", request.url));
}
}
Try checking request.cookies
same thing. only the test cookies are there
It seems it's not being sent by the client then
well well well. ig you were right in the text u removed some min ago. the middleware doesn't have access to the appwrite cookies. i just tried removing the domain option from the code that sets my cookies and it started working magically
what's the domain of the cookie compared to your nextjs domain?
tho i'm still confused, why domain was preventing it from being read by middleware, while all other routes were reading it successfully
cloud.appwrite.io
the nextjs middleware DOES have access to cookies...the domain is something that restricts when cookies are sent by the client
that's not good. that doesn't work. you need to use a custom domain where your endpoint is a subdomain of your nextjs
and then the cookie domain should be set for your nextjs app
but I'm using the cloud version of appwrite and not really thinking about hosting it on a custom domain. if i just don't pass the option domain, will it be insecure?
then why the other routes were allowed to read it? cuz afaik, middleware and any other routes are running from the same host
you might run into other problems. the best thing to do is to set up the domains as we suggested
any idea what might the other problems be?
nope
[SOLVED] email password session doesn't work in SSR
