[NextJS] Use web frameworks' built-in auth cookie instead of custom implementation

[jhuleatt]

The Firebase CLI's web frameworks tooling sets an auth cookie: https://github.com/FirebaseExtended/firebase-framework-tools/blob/087035d86c65c5810ab71f889e4d6160398368aa/src/firebase-aware.ts#L32

This means we probably don't need the current custom implementation: https://github.com/firebase/friendlyeats-web/blob/c43de974fbf44151217fe3238d610edee7b86b28/nextjs-end/src/app/api/route.js#L9

[ismaelaarab]

@jhuleatt

Does this imply that the example is primarily designed for use with Firebase Hosting?

If someone chooses to host their project on Vercel instead, will they need to implement additional custom logic in order to set the session on the server side?

[matallui]

Same question? ☝🏼

[leonam-okajima]

We really need clarification on this. Are the example and tutorial designed only for use with Firebase Hosting?

[EmanuelU]

after a lot of digging I am fairly sure the __session cookie expected in the tutorial is a firebase only thing, not from the auth package but from the frameworks.

[josancamon19]

Yup, thanks for asking this, I was close to giving up already, and just verified that indeed, it only works if you use firebase, either from emulators or not.

[WillZhao2021]

Was anyone able to get the __session cookie after this project is deployed to Firebase hosting? It was working fine with my hosting emulator, but it stopped working after I deployed it. I checked the cookies tab, no cookie is set at all.

[Herohtar]

This issue should be marked as solved, because the file in question no longer exists and indeed it seems that they implemented the auth token parsing using the __session cookie: https://github.com/firebase/friendlyeats-web/blob/02be588cf1ca3db5e8d7296b6aae19681f2533cf/nextjs-end/src/lib/firebase/firebase.js#L27

However, as a couple of the more recent comments indicate, the __session cookie doesn't actually appear to be set when trying to make this work in my own project, even when using Firebase Hosting. I'm not sure if this is something that changed with Firebase Auth or some other issue.

I did notice that something that looks like an auth token appears to be stored in Indexed DB, so maybe that's where it is now. I'm not sure how you make use of that though.

Edit: After doing a bit more digging, I believe the code in the repo is incomplete. It looks like the intention is for the client side part of the code to set the __session cookie itself and that it is not something that gets set automatically by Firebase Auth (and never was, as far as I can tell).