Is middleware an appropriate place to be refreshing JWT token cookies from external backend API? #79614
Unanswered
tyaan
asked this question in
App Router
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I just want all my server components that require login to start with a validation check with JWT token cookies, and redirect to login page is validation fails. When refresh is required, the server component needs to make a request to my Python Django back end with the refresh token cookie, receive the new access token in response and then attach that new access token cookie to the response to the browser along with the page content. But... there's no way to set response headers in a server component? I can't find a good way to get that new refreshed access token cookie back to the browser.
It looks like in page router you could edit a server component response headers in getServerSideProps, but there's no equivalent in app router. I've seen a few people recommending middleware, but the next.js docs state very clearly that it's not a good fit for session management (but it doesn't say why??).
Here's my implementation in middleware.ts that is working in development, but I'm worried that in production, the requests to my Django backend will be too slow for middleware. I'm also worried just because the docs literally state that middleware is not good for session management. Will this work fine, or is this a bad use of middleware? Is there a better way to do this?
Beta Was this translation helpful? Give feedback.
All reactions