[SOLVED] email password session doesn't work in SSR

sounds like client isn't sending the cookie? is it set?

TL;DR

Title: [SOLVED] Email password session doesn't work in SSR TL;DR: The issue was resolved by removing the `domain` option from the code that sets the cookies. The middleware did not have access to the Appwrite cookies, and removing the `domain` option fixed the problem. Solution: Remove the `domain` option from the code that sets the cookies.

didn't get your qs. what is set?

The cookie

yes it is. here's the code that set's the cookie

TypeScript

  const cookieStore = cookies();

  for (const cookie of cookiesParsed) {
    cookieStore.set(cookie.name, cookie.value, {
      domain: cookie.domain,
      secure: cookie.secure,
      sameSite: cookie.sameSite as any,
      path: cookie.path,
      maxAge: cookie.maxAge,
      httpOnly: cookie.httpOnly,
      expires: cookie.expires,
    });
  }

another thing I just noticed is that I can see all the appwrite cookies from any other route, but can't from middleware. that's weird

How are you extracting the cookie?

a simple example of getting all the cookies

TypeScript

    const { cookies } = await import("next/headers");
    const cookieStore = cookies();
    cookieStore.getAll().forEach((cookie) => {
      console.log(cookie);
    });

What's your middleware code?

just a simple check for auth status

TypeScript

export async function middleware(request: NextRequest) {
  const currentUser = await getCurrentUser();
  const path = request.nextUrl.pathname;

  /*
    If the user is not logged in
    and is trying to access an authenticated route,
    redirect to the home page
  */
  if (!currentUser && AUTH_ROUTES.includes(path)) {
    return NextResponse.redirect(new URL("/login", request.url));
  }

  /*
    If the user is logged in
    and is trying to access an unauthenticated route,
    redirect to dashboard
    */
  if (currentUser && UNAUTH_ROUTES.includes(path)) {
    return NextResponse.redirect(new URL("/dashboard", request.url));
  }
}

Try checking request.cookies

same thing. only the test cookies are there

It seems it's not being sent by the client then

well well well. ig you were right in the text u removed some min ago. the middleware doesn't have access to the appwrite cookies. i just tried removing the domain option from the code that sets my cookies and it started working magically

what's the domain of the cookie compared to your nextjs domain?

tho i'm still confused, why domain was preventing it from being read by middleware, while all other routes were reading it successfully

cloud.appwrite.io

the nextjs middleware DOES have access to cookies...the domain is something that restricts when cookies are sent by the client

that's not good. that doesn't work. you need to use a custom domain where your endpoint is a subdomain of your nextjs

and then the cookie domain should be set for your nextjs app

but I'm using the cloud version of appwrite and not really thinking about hosting it on a custom domain. if i just don't pass the option domain, will it be insecure?

then why the other routes were allowed to read it? cuz afaik, middleware and any other routes are running from the same host

you might run into other problems. the best thing to do is to set up the domains as we suggested

Need support?

Join our Discord

Get premium support

[SOLVED] email password session doesn't work in SSR

Recommended threads

Need support?

Join our Discord

Get premium support