Closed ykdojo closed 1 year ago
Hi 👋🏻 I could help, can you indicate to me where the redirection is?
@Olyno thank you. Did you try finding it yourself first?
Actually, I took a look at the code, and got confused by how Supabase was used. I'm not sure why you're using Supabase on the server side only, while you could use it on the client.
I think the way to solve your issue would be to move the auth security on the server side, and remove the `session` object to use the `user` object from Supabase directly, using the Supabase auth helper. I can do it for you if that's okay.
I have solved this issue in one line. Can I create a PR @ykdojo ?
> Actually, I took a look at the code, and got confused by how Supabase was used. I'm not sure why you're using Supabase on the server side only, while you could use it on the client.
This repo will hopefully help you understand it better: https://github.com/ykdojo/supabase-nextjs-simple-auth
> This repo will hopefully help you understand it better: ykdojo/supabase-nextjs-simple-auth
I mean, look at the PR I did, this is completely different.
I looked at the repo, and this one is exactly like the current one. Both repos use an authentication system on the client with local storage, which is a bad practice in my opinion.
Supabase provides many tools to make authentication simple, but you are using `localStorage` as verification, which is not secure at all.
How would you recommend that we implement this then?
As I said, the best would be to use the tools that Supabase offers, and to do the authentication in SSR if you use a server part. If you use only the client, in that case the client should be favored, but that is not your case.
You can see the implementation I recommend in PR #272
Thank you. I added a comment on #272
I tried to solve it on my local machine. My approach is to take the session as a prop and, while routing the submit question using href, add a ternary check: if the session is there, then redirect to the add question page, otherwise to the signup page.
Another way to resolve this issue is by adding private routes for the pages where we need the user to be logged in.
Description
When you try to go to the question submission page before logging in, you're redirected to the signup page.
This behavior is good, but with the current redirect method, the back button doesn't work.
Is there a better way to redirect to avoid this issue?
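A sketch of the server-side check recommended in the thread, added here as an example and not taken from the repository or PR #272: the auth decision is made in `getServerSideProps`, so the page is never rendered for a signed-out visitor and nothing depends on `localStorage`. `requireUser`, `getUser` and the `/signup` path are assumptions; `getUser` stands in for whatever Supabase auth helper call resolves the user from the request cookies.

```javascript
// Added example: server-side guard for a Next.js page.
// `getUser` is a hypothetical async function supplied by the caller; it
// resolves the signed-in user from the request or returns null.
function requireUser(getUser, { signupPath = '/signup' } = {}) {
  return async function getServerSideProps(ctx) {
    let user = null;
    try {
      user = await getUser(ctx);
    } catch (err) {
      // Fail closed: a lookup error is treated as "not signed in".
      user = null;
    }
    if (!user) {
      // permanent: false makes Next.js send a temporary redirect, so the
      // browser does not cache it once the visitor has signed in.
      return { redirect: { destination: signupPath, permanent: false } };
    }
    // Pass only what the page needs; never the raw session or its tokens.
    return { props: { user: { id: user.id, email: user.email ?? null } } };
  };
}

// Constructed stand-in for the auth lookup, driven by a fake cookie header.
const fakeGetUser = async (ctx) => {
  const cookie = ctx.req.headers.cookie || '';
  if (cookie.includes('boom')) throw new Error('auth backend unavailable');
  return cookie.includes('session=valid')
    ? { id: 'u1', email: 'a@example.com', access_token: 'constructed-secret' }
    : null;
};

// Usage in a page file would be: export const getServerSideProps = guard;
const guard = requireUser(fakeGetUser);
```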