Sessions
Edit this pageWhen user information is required, it is usually done by checking the request for information. The best way for the client and server to do that is using cookies.
The Request
object can be used to access the Cookie
Headers, which can then be parsed to get the value for that specific cookie.
For example, "session"
can be used to identify the session.
Fortunately, Nitro comes ready with helpers that enable this.
For example, if you wanted to use a cookie to identify a user, you can use the useSession
helper from vinxi/http
:
The session cookie can be used to get the session data about the request.
How the session data is stored and retrieved, however, is up to the implementation of the useSession
.
Typically, userId
will be saved in the session data and if it is not found, it indicates that the request was not authenticated.
The getUser
function returns a null
when it does not find a user and if a user is found, it will be used to get the user from the database:
This helper can be used wherever you want to authenticate the request, including in server functions and API routes.
Additionally, you can use it with cache
from solid-router
to make sure that only authenticated users can access the data.
That way if the user is not authenticated, the request will be redirected to the login page.
This also allows logging in and out of the session in a similar manner: