Sveltekit Server side authentication

auth

return {
    session,
    user,
    cookies: cookies.getAll(),
  }

return {
    session,
    user,
    cookies: cookies.getAll(),
  }

Which is available in the client with

    let { data } = $props();

    let { data } = $props();

But that exposes your session, access token, supabase keys and everything to the client, am I missing something here?

Configure your Supabase client to use cookies