SvelteKit Server Side Authentication

I've followed the SvelteKit Server Side Authentication Guide and am left with more questions than answers.

  • We're creating a Supabase Server Client in the Supabase hook in `hooks.server.ts`.
  • Then we're calling `event.locals.safeGetSession()` and setting `event.locals.session` and `event.locals.user` in the auth hook, also in `hooks.server.ts`.
  • We're calling `event.locals.safeGetSession` again in `+layout.server.ts` and returning the session we got. Why don't we just return the `event.locals.session` already set in the auth hook?
  • In `+layout.ts` (which runs both on server and client),
    • on the server we're creating another Supabase Server client and getting session and user again. Why? Until now we've called `getUser` and `getSession` 6 times on the server - auth hook in `hooks.server.ts`, server load in `+layout.server.ts` and server load here again.
    • on the client we're creating a Supabase Browser client and getting session and user again. But from my understanding this code isn't called when the layout loads the first time (because the SSR version ran), but instead when the auth state changes (because of the `+layout.svelte`).