Redirect Problem

hello again, I am struggling with another interesting problem. I am using Next 15.3.0 and my middleware.ts file is as follows
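/**
 * Next.js middleware that routes visitors according to their sign-in state.
 *
 * - A visitor with a session who requests an exact `guestPaths` entry is sent to `/`.
 * - A visitor without a session who requests a path starting with a
 *   `protectedPaths` entry is sent to the login page, with the requested path
 *   carried in the `next` query parameter.
 * - Every other request passes through unchanged.
 *
 * This is a routing convenience, not the authorization boundary: pages and
 * route handlers behind it should still validate the session themselves.
 *
 * @param request - The incoming request.
 * @returns A redirect response or a pass-through response.
 */
export async function middleware(request: NextRequest) {
  // The session is resolved with an HTTP call to the app's own auth endpoint on
  // every matched request. In production the caller's cookies are forwarded to
  // NEXT_PUBLIC_BASE_URL; otherwise to the origin of the incoming request.
  // NOTE(review): presumably `data` is null when the call fails, in which case
  // the visitor is treated as signed out. Confirm against betterFetch's error mode.
  const { data: session } = await betterFetch("/api/auth/get-session", {
    baseURL:
      process.env.NODE_ENV === "production"
        ? process.env.NEXT_PUBLIC_BASE_URL
        : request.nextUrl.origin,
    headers: {
      cookie: request.headers.get("cookie") || "",
    },
  });
  const { pathname } = request.nextUrl;

  // Exact match only: signed-in visitors have no use for guest-only pages.
  if (session && guestPaths.includes(pathname)) {
    return NextResponse.redirect(new URL("/", request.url));
  }

  // Prefix match: an entry such as "/x" also covers "/x/anything" and "/x-other".
  if (!session && protectedPaths.some((path) => pathname.startsWith(path))) {
    // Set `next` through searchParams so the path is percent-encoded. Interpolating
    // it into the query string lets characters such as `&` or `=` in the requested
    // path add or override query parameters on the login URL.
    const loginUrl = new URL("/hesap/giris", request.url);
    loginUrl.searchParams.set("next", pathname);
    // `next` is taken from the request, so the login page must only follow it when
    // it is a same-origin relative path (one leading "/", not "//" or "/\").
    return NextResponse.redirect(loginUrl);
  }

  return NextResponse.next();
}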

// Limits which request paths the middleware runs on.
// Kept as a literal: Next.js reads `matcher` statically at build time.
export const config = {
matcher: [
// The negative lookahead skips every path whose text right after the leading "/"
// begins with one of the listed alternatives. Nothing anchors the end of an
// alternative, so "api" also skips pages such as "/apiary".
// NOTE(review): confirm no protected page starts with one of these prefixes.
// Requests under /api never reach this middleware, so each API route has to
// authenticate its own callers.
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
],
};
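/**
 * Next.js middleware that routes visitors according to their sign-in state.
 *
 * - A visitor with a session who requests an exact `guestPaths` entry is sent to `/`.
 * - A visitor without a session who requests a path starting with a
 *   `protectedPaths` entry is sent to the login page, with the requested path
 *   carried in the `next` query parameter.
 * - Every other request passes through unchanged.
 *
 * This is a routing convenience, not the authorization boundary: pages and
 * route handlers behind it should still validate the session themselves.
 *
 * @param request - The incoming request.
 * @returns A redirect response or a pass-through response.
 */
export async function middleware(request: NextRequest) {
  // The session is resolved with an HTTP call to the app's own auth endpoint on
  // every matched request. In production the caller's cookies are forwarded to
  // NEXT_PUBLIC_BASE_URL; otherwise to the origin of the incoming request.
  // NOTE(review): presumably `data` is null when the call fails, in which case
  // the visitor is treated as signed out. Confirm against betterFetch's error mode.
  const { data: session } = await betterFetch("/api/auth/get-session", {
    baseURL:
      process.env.NODE_ENV === "production"
        ? process.env.NEXT_PUBLIC_BASE_URL
        : request.nextUrl.origin,
    headers: {
      cookie: request.headers.get("cookie") || "",
    },
  });
  const { pathname } = request.nextUrl;

  // Exact match only: signed-in visitors have no use for guest-only pages.
  if (session && guestPaths.includes(pathname)) {
    return NextResponse.redirect(new URL("/", request.url));
  }

  // Prefix match: an entry such as "/x" also covers "/x/anything" and "/x-other".
  if (!session && protectedPaths.some((path) => pathname.startsWith(path))) {
    // Set `next` through searchParams so the path is percent-encoded. Interpolating
    // it into the query string lets characters such as `&` or `=` in the requested
    // path add or override query parameters on the login URL.
    const loginUrl = new URL("/hesap/giris", request.url);
    loginUrl.searchParams.set("next", pathname);
    // `next` is taken from the request, so the login page must only follow it when
    // it is a same-origin relative path (one leading "/", not "//" or "/\").
    return NextResponse.redirect(loginUrl);
  }

  return NextResponse.next();
}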

// Limits which request paths the middleware runs on.
// Kept as a literal: Next.js reads `matcher` statically at build time.
export const config = {
matcher: [
// The negative lookahead skips every path whose text right after the leading "/"
// begins with one of the listed alternatives. Nothing anchors the end of an
// alternative, so "api" also skips pages such as "/apiary".
// NOTE(review): confirm no protected page starts with one of these prefixes.
// Requests under /api never reach this middleware, so each API route has to
// authenticate its own callers.
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
],
};
If the user quickly changes pages in a row or performs a repetitive action, they are suddenly redirected to the homepage, but no buttons or functions work after the redirection @Ping I will ask for your support in this matter 🙏
4 Replies
Furkan Özay
Furkan ÖzayOP2w ago
I fixed it with getSessionCookie, I'll leave it in case anyone else is experiencing this error
import { NextRequest, NextResponse } from "next/server";
import { getSessionCookie } from "better-auth/cookies";
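// Paths that only make sense for signed-out visitors (login, sign-up, ...).
// The middleware compares these with the request path by exact match.
// The explicit element type keeps the empty placeholder from being inferred as
// an implicit `any[]` under strict compiler settings.
const guestPaths: string[] = [
  // your guestPaths...
];

// Path prefixes that require a session. The middleware tests these with
// `startsWith`, so an entry such as "/x" also covers "/x/anything" and "/x-other".
const protectedPaths: string[] = [
  // your protected paths...
];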
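/**
 * Next.js middleware that routes visitors by the presence of a session cookie.
 *
 * - A visitor carrying a session cookie who requests an exact `guestPaths`
 *   entry is sent to `/`.
 * - A visitor without one who requests a path starting with a `protectedPaths`
 *   entry is sent to the login page, with the requested path carried in `next`.
 * - Every other request passes through unchanged.
 *
 * `getSessionCookie` only reads the cookie from the request; it does not ask
 * the auth server whether the session is still valid. A deleted user or a
 * revoked session therefore still passes this check, and a client can present
 * any cookie value. Treat this as an optimistic redirect only: every protected
 * page and route handler must fetch and validate the session server-side.
 *
 * @param request - The incoming request.
 * @returns A redirect response or a pass-through response.
 */
export async function middleware(request: NextRequest) {
  // Cookie presence only, with no network or database round trip.
  const session = getSessionCookie(request);
  const { pathname } = request.nextUrl;

  // Exact match only: visitors who look signed in are kept off guest-only pages.
  if (session && guestPaths.includes(pathname)) {
    return NextResponse.redirect(new URL("/", request.url));
  }

  // Prefix match: an entry such as "/x" also covers "/x/anything" and "/x-other".
  if (!session && protectedPaths.some((path) => pathname.startsWith(path))) {
    // Set `next` through searchParams so the path is percent-encoded. Interpolating
    // it into the query string lets characters such as `&` or `=` in the requested
    // path add or override query parameters on the login URL.
    const loginUrl = new URL("/auth/login", request.url);
    loginUrl.searchParams.set("next", pathname);
    // `next` is taken from the request, so the login page must only follow it when
    // it is a same-origin relative path (one leading "/", not "//" or "/\").
    return NextResponse.redirect(loginUrl);
  }

  return NextResponse.next();
}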

// Limits which request paths the middleware runs on.
// Kept as a literal: Next.js reads `matcher` statically at build time.
export const config = {
matcher: [
// The negative lookahead skips every path whose text right after the leading "/"
// begins with one of the listed alternatives. Nothing anchors the end of an
// alternative, so "api" also skips pages such as "/apiary".
// NOTE(review): confirm no protected page starts with one of these prefixes.
// Requests under /api never reach this middleware, so each API route has to
// authenticate its own callers.
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
],
};
import { NextRequest, NextResponse } from "next/server";
import { getSessionCookie } from "better-auth/cookies";
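// Paths that only make sense for signed-out visitors (login, sign-up, ...).
// The middleware compares these with the request path by exact match.
// The explicit element type keeps the empty placeholder from being inferred as
// an implicit `any[]` under strict compiler settings.
const guestPaths: string[] = [
  // your guestPaths...
];

// Path prefixes that require a session. The middleware tests these with
// `startsWith`, so an entry such as "/x" also covers "/x/anything" and "/x-other".
const protectedPaths: string[] = [
  // your protected paths...
];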
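/**
 * Next.js middleware that routes visitors by the presence of a session cookie.
 *
 * - A visitor carrying a session cookie who requests an exact `guestPaths`
 *   entry is sent to `/`.
 * - A visitor without one who requests a path starting with a `protectedPaths`
 *   entry is sent to the login page, with the requested path carried in `next`.
 * - Every other request passes through unchanged.
 *
 * `getSessionCookie` only reads the cookie from the request; it does not ask
 * the auth server whether the session is still valid. A deleted user or a
 * revoked session therefore still passes this check, and a client can present
 * any cookie value. Treat this as an optimistic redirect only: every protected
 * page and route handler must fetch and validate the session server-side.
 *
 * @param request - The incoming request.
 * @returns A redirect response or a pass-through response.
 */
export async function middleware(request: NextRequest) {
  // Cookie presence only, with no network or database round trip.
  const session = getSessionCookie(request);
  const { pathname } = request.nextUrl;

  // Exact match only: visitors who look signed in are kept off guest-only pages.
  if (session && guestPaths.includes(pathname)) {
    return NextResponse.redirect(new URL("/", request.url));
  }

  // Prefix match: an entry such as "/x" also covers "/x/anything" and "/x-other".
  if (!session && protectedPaths.some((path) => pathname.startsWith(path))) {
    // Set `next` through searchParams so the path is percent-encoded. Interpolating
    // it into the query string lets characters such as `&` or `=` in the requested
    // path add or override query parameters on the login URL.
    const loginUrl = new URL("/auth/login", request.url);
    loginUrl.searchParams.set("next", pathname);
    // `next` is taken from the request, so the login page must only follow it when
    // it is a same-origin relative path (one leading "/", not "//" or "/\").
    return NextResponse.redirect(loginUrl);
  }

  return NextResponse.next();
}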

// Limits which request paths the middleware runs on.
// Kept as a literal: Next.js reads `matcher` statically at build time.
export const config = {
matcher: [
// The negative lookahead skips every path whose text right after the leading "/"
// begins with one of the listed alternatives. Nothing anchors the end of an
// alternative, so "api" also skips pages such as "/apiary".
// NOTE(review): confirm no protected page starts with one of these prefixes.
// Requests under /api never reach this middleware, so each API route has to
// authenticate its own callers.
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
],
};
but now if the user is deleted, it is considered logged in because the cookie remains. Is there a clear solution to this problem? @Ping @bekacru @bekacru can you help me ?
bekacru
bekacru2w ago
The middleware is meant to be a shallow check. You still need to fetch the session on each page and validate whether the user has a session or not. So even if the user has a cookie but has been deleted or has had their session revoked, the session check on the page/route should be the protection
skidy
skidy2w ago
what's the point of the middleware if i had to check it again on the actual page?
Ping
Ping2w ago
It's faster to check via middleware, than having a server run SSR just to redirect.
