atinux / nuxt-auth-utils

Add Authentication to Nuxt applications with secured & sealed cookies sessions.
MIT License

Unable to modify a session from hook #261

Closed genu closed 3 weeks ago

genu commented 3 weeks ago

I'm running into an issue where I'm unable to modify a session from inside of the fetch hook.

Here is an example.

import dayjs from "dayjs"

export default defineNitroPlugin(() => {
  sessionHooks.hook("fetch", async (session, event) => {
    const { getSASUrl } = $storage()

    // Update the SAS Token expiration, and get a new SAS token if it's expired
    const isTokenExpired = dayjs(session.SAS.expiresOn).isBefore(dayjs())

    if (isTokenExpired) {
      const { url, expiresOn } = await getSASUrl(
        session.activeTeam.id,
        StorageContainer.UserUploads,
      )
      session.SAS = {
        url,
        expiresOn,
      }
    }
  })
})

When this hook runs in SSR context it's able to get an updated SAS token based on the current expiresOn; however, when I refresh the page, the old cookie value is present.

Although the session is updated for the request, the cookie itself isn't updated, so the isTokenExpired above will always be true because the session passed in will always be the session from the cookie.

I hope that makes sense.

Is there a proper way to update a session without having the user Logout and Log back in?

atinux commented 3 weeks ago

Hi @genu

This hook is only used to populate the session for the client-side with dynamic data but it cannot update the cookie, only the returned value for useUserSession() on the app-side.

> Is there a proper way to update a session without having the user Logout and Log back in?

This is a bit related to #255, I would suggest a server middleware that can update the session.

genu commented 3 weeks ago

Thanks @atinux, I moved the above to a middleware, and it seems to get the job done.

I appreciate it.
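The server-middleware approach suggested in the thread, as an added example that is not code from the issue or from nuxt-auth-utils: the refresh runs on the server and writes the result back with `setUserSession`, so the sealed cookie itself is reissued. The `getUserSession` and `setUserSession` helpers are passed in so the logic runs outside Nitro; the single-argument `getSASUrl`, the ISO-string `expiresOn`, the 60-second skew and all type and function names are assumptions.

```typescript
// Added example. SasToken, UserSessionData, RefreshDeps, needsSasRefresh and
// createSasRefresh are hypothetical names; SAS and activeTeam come from the issue.
type SasToken = { url: string; expiresOn: string }
type UserSessionData = { activeTeam?: { id: string }; SAS?: SasToken }

interface RefreshDeps<E> {
  getUserSession(event: E): Promise<UserSessionData>
  setUserSession(event: E, data: Partial<UserSessionData>): Promise<unknown>
  getSASUrl(teamId: string): Promise<SasToken> // simplified to one argument
  now?: () => number
}

// True when the stored SAS is missing, unparsable, or expires within skewMs.
function needsSasRefresh(sas: SasToken | undefined, now: number, skewMs = 60000): boolean {
  if (!sas) return true
  const expires = Date.parse(sas.expiresOn)
  return Number.isNaN(expires) || expires - now <= skewMs
}

// Builds the refresh step. In server/middleware/ wire it as
//   defineEventHandler(async (event) => { await refresh(event) })
// and return nothing: a middleware that returns a value ends the request.
function createSasRefresh<E>(deps: RefreshDeps<E>) {
  return async (event: E): Promise<boolean> => {
    const session = await deps.getUserSession(event)
    // Unauthenticated request: never mint a token for it.
    if (!session.activeTeam) return false
    const now = (deps.now ?? Date.now)()
    if (!needsSasRefresh(session.SAS, now)) return false
    const { url, expiresOn } = await deps.getSASUrl(session.activeTeam.id)
    // Writing through setUserSession re-seals the cookie, so the next
    // request reads the new expiresOn instead of the stale one.
    await deps.setUserSession(event, { SAS: { url, expiresOn } })
    return true
  }
}
```

The boolean result exists only so callers and tests can see whether a refresh happened; the middleware wrapper should discard it.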