how to protect route based on role
@bekacru I used to protect routes using getSessionCookie, but now I want to protect them based on user roles. I tried using getSession() but it seems not provided. How can I check a user's role to protect specific routes or actions? it's enough if i know how to get session
Solution:Jump to solution
You can't use getSession in middleware.
Take a look at our middleware docs: https://www.better-auth.com/docs/integrations/next#middleware
You can directly fetch your auth API for session data.
...
4 Replies
Solution
You can't use getSession in middleware.
Take a look at our middleware docs: https://www.better-auth.com/docs/integrations/next#middleware
You can directly fetch your auth API for session data.
We recommend not handling protective redirects in the middleware layer, and instead treat middleware redirects as optimistic redirects. Instead, we recommend to implement proper authorization redirects in each page/route.
Instead, we recommend to implement proper authorization redirects in each page/routeIs there an example of this? I couldn't find anything in the docs
This just mans in each page component or api route, you should check if the user is authroized to access that page or not instead of at a middleware leve on nextjs. Since middlewares aren't really meant to do that.
thank you 🙌