Session Auth without Next-Auth
Hi all,
I’m primarily a backend dev with experience using Express/Fastify with session-based authentication using cookies and libraries like express-session.
I’m diving pretty deep into NextJS and the T3 stack, but one question I just haven’t been able to “crack” is how to do session auth using this stack. The vast majority of projects I’m in use credential-based auth, which I don’t find plays very nicely with Next-Auth which I know most Next devs use. I’ve tried it a number of times, but I really believe Next-Auth is a bit too opinionated for credentials (or at the very least requires a LOT of setup/boilerplate). That being said, has anyone had any success using a different library for session auth in NextJS? I really like using Redis for this, as that allows a method for revoking tokens/user sessions. Thanks in advance!
3 Replies
I don't understand what your question was about, but I guess you might be interested in
iron-session
It's pretty good
I think the first thing you should understand is that t3 is just a stack
This means different things were combined to form a boilerplate starter
Secondly, look at this post. You may get some inspiration
https://discord.com/channels/966627436387266600/1089824174693941301
Thanks, @BabaYaga I’ve actually used iron session in the past and really liked it. I wish they had some sort of “store” option, but it’s an excellent package nonetheless.
Thanks, @Lopen32! It’s not so much CSRF protection I was looking for, but rather a method of storing user sessions without using Next-Auth.
I actually posted this question only a day or two before stumbling across next-session which includes an option for custom session stores (which I was able to implement with Redis). I posted my solution here, so hopefully this is able to help others with similar needs: https://discord.com/channels/966627436387266600/1091389956695539823
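The revocation property the thread is after (an opaque session ID in the cookie, with the session itself held server-side so it can be deleted at any time) can be sketched as follows. This is an added example, not code from the thread or from next-session: `RevocableSessionStore` and its method names are hypothetical, and a `Map` stands in for Redis so the sketch runs offline.

```javascript
// Added example. With Redis, the same operations would be SET with an expiry,
// GET, DEL, and a per-user set of session IDs (assumption, not the poster's code).
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

class RevocableSessionStore {
  constructor({ ttlMs = 30 * 60 * 1000, now = () => Date.now() } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock so expiry can be exercised
    this.sessions = new Map(); // sid -> { data, expiresAt }
    this.byUser = new Map();   // userId -> Set of sids, for "log out everywhere"
  }
  // Issue an opaque, unguessable ID; the cookie carries only this value.
  create(userId, data = {}) {
    const bytes = webcrypto.getRandomValues(new Uint8Array(32));
    const sid = Buffer.from(bytes).toString("base64url");
    this.set(sid, { ...data, userId });
    return sid;
  }
  set(sid, data) {
    this.sessions.set(sid, { data, expiresAt: this.now() + this.ttlMs });
    if (!this.byUser.has(data.userId)) this.byUser.set(data.userId, new Set());
    this.byUser.get(data.userId).add(sid);
  }
  // Returns null for unknown, expired or revoked IDs; callers treat null as logged out.
  get(sid) {
    const entry = this.sessions.get(sid);
    if (!entry) return null;
    if (entry.expiresAt <= this.now()) {
      this.destroy(sid);
      return null;
    }
    return entry.data;
  }
  destroy(sid) {
    const entry = this.sessions.get(sid);
    if (!entry) return false;
    this.sessions.delete(sid);
    this.byUser.get(entry.data.userId)?.delete(sid);
    return true;
  }
  // Revoke every session of one user, e.g. after a password change.
  revokeUser(userId) {
    const sids = [...(this.byUser.get(userId) ?? [])];
    sids.forEach((sid) => this.destroy(sid));
    this.byUser.delete(userId);
    return sids.length;
  }
}
```

Because every request resolves the cookie's ID through `get`, deleting the server-side entry ends the session immediately, which a self-contained sealed cookie cannot do on its own.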