How does NextAuth persist session cookie in t3 stack
In an app created with create-t3-app, NextAuth is set up without the use of Next middlewares.
From my experience using Next with App Dir, a cookie can only be set server-side in a middleware or in a route handler. As said earlier, there are no NextAuth middlewares in created project, nor does NextAuth use a route handler to persist a session (eg. refresh session token).
The only NextAuth entrypoint in project is
getServerAuthSession
call in createTRPCContext
.
Furthermore, tRPC is setup to use unstable_httpBatchStreamLink
which streams the response (same streaming RSC), so you can't set a cookie with tRPC.
After thinking a bit,
probably, createTRPCContext
is run prior to sending the initial response. This is the only way I could imagine this works.
https://trpc.io/docs/server/context suggests that createTRPCContext
is run "for each invocation of tRPC". However, that does not suggest that it is run prior to sending the initial response.
Am I right? What am I missing here? Where can I find relevant documentation?1 Reply
Even if what I've come to is true, how does it work when a user requests a RSC? By the time
createTRPCContext
is called, the RSC response is already sent, so it won't take any additional cookies that are set by NextAuth.
I'm really confused here.