how to protect route based on role
@bekacru I used to protect routes using getSessionCookie, but now I want to protect them based on user roles. I tried using getSession() but it seems not provided. How can I check a user's role to protect specific routes or actions? it's enough if i know how to get session
Solution
You can't use getSession in middleware.
Take a look at our middleware docs: https://www.better-auth.com/docs/integrations/next#middleware
You can directly fetch your auth API for session data.
We recommend not handling protective redirects in the middleware layer, and instead treat middleware redirects as optimistic redirects. Instead, we recommend to implement proper authorization redirects in each page/route.
Take a look at our middleware docs: https://www.better-auth.com/docs/integrations/next#middleware
You can directly fetch your auth API for session data.
We recommend not handling protective redirects in the middleware layer, and instead treat middleware redirects as optimistic redirects. Instead, we recommend to implement proper authorization redirects in each page/route.
