supabase.auth.getSession is a potential security risk in some instances because it gets the user's identity from storage that the client can manipulate. However, it is much faster as it does not make a fetch to the db.
We need to balance the use of getSession and getUser out so that the page is snappy, but needs to be very secure.
supabase.auth.getSession
is a potential security risk in some instances because it gets the user's identity from storage that the client can manipulate. However, it is much faster as it does not make afetch
to the db.We need to balance the use of
getSession
andgetUser
out so that the page is snappy, but needs to be very secure.