Roast my demo app with Next.js and @supabase/ssr using httpOnly cookies
Hey everyone! I built a demo app showcasing server-side authentication with Supabase using httpOnly cookies and Magic Link auth. I'd love to get some fresh eyes on it to spot any potential issues or improvements.
What it includes:
- Next.js 15 (App Router)
- Magic Link passwordless authentication
- Server-side session management with secure httpOnly cookies
- Protected routes via middleware
Repo: https://github.com/zakzackr/supabase-ssr-httponly-demo
I know there are going to be trade-offs with this approach (no onAuthStateChange, can't use getUser() on client-side, etc.), so I'd love to get some other eyes on it to see if there are any flaws or improvements I'm missing. Any feedback would be greatly appreciated!
What it includes:
- Next.js 15 (App Router)
- Magic Link passwordless authentication
- Server-side session management with secure httpOnly cookies
- Protected routes via middleware
Repo: https://github.com/zakzackr/supabase-ssr-httponly-demo
I know there are going to be trade-offs with this approach (no onAuthStateChange, can't use getUser() on client-side, etc.), so I'd love to get some other eyes on it to see if there are any flaws or improvements I'm missing. Any feedback would be greatly appreciated!
GitHub
supabase/ssr + Next.js authentication demo with HttpOnly cookies - zakzackr/supabase-ssr-httponly-demo
