NextAuth session storage
I'm a bit confused reading the NextAuth documentation (probably because my knowledge of security is not very good).
Well, it says that NexAuth by default stores sessions in JWT (which is probably safer than cookies), but when we add an adapter to the database (I added it), it starts storing them in a server side cookie.
I'm wondering whether to do a custom config now to store the session back in JWT. Are server side cookies enough?
By the way, how do you store the fact that a user is logged in? Just the sessionid from useSession and passing that to the context?
Well, it says that NexAuth by default stores sessions in JWT (which is probably safer than cookies), but when we add an adapter to the database (I added it), it starts storing them in a server side cookie.
I'm wondering whether to do a custom config now to store the session back in JWT. Are server side cookies enough?
By the way, how do you store the fact that a user is logged in? Just the sessionid from useSession and passing that to the context?
Similar Threads
Was this page helpful?
