CSR with Serverside Auth

Hello everyone, according to best practices I would like to use server-side authentification as I would also like to render a big chunk of my app serverside. However, there are parts I would prefer to render client side which would require the webSDK correct? How can I authenticate the webSDK when using the serverSDK for auth? Do I need to authenticate in parallel? Or can I do it with token? Whats the most secure way?

Check out your

Use JWT to allow Client Side interactions after SSR Auth? Thread for the answer and I think this thread is not needed as the one I mentioned above has the same issue you have created so it's better not to create duplicates of the same issue.

Follow https://appwrite.io/docs/products/auth/server-side-rendering especially the cookie name. And you'll have to use a custom domain that's a sub domain of your app. This way the session cookie goes to both your backend and Appwrite

But if I would use multiple instances of my app on the same domain (e.g. deployment for company1.domain.com, company2.domain...) with the same appwrite instance, it would not be possible right? Isnt JWT Token the better and safer way of doing it or does this come with problems as well?

Set the domain of the cookie to be the base domain.

No, JWT isn't a magical cure all

Whats the downside of JWT? Currently I am also running the app on 2 different hostnames (a subsection of the application has its own hostname)...

You mean storing the JWT at local storage then using it? If so, it's unsafe, that's why it's not recommended in production