A bit tricky of a question but here's the scenario. Also, sorry for posting here if not the correct project. Wasn't sure which repo to post under.
Using Nuxt with Express
- Using Express Sessions
- You have protected routes that lookup session to allow access
- From a Nuxt page component, you use fetch (), or other server side hooks, to hit the protected route for data.
This works without an issue from the browser's point of view as cookie/session can be detected. However, when the fetch hook is triggered from the server, cookie/session is lost. Following the, https://nuxtjs.org/examples/auth-routes/ is insufficient.
ie: if your protected route looks like
exports function(req,res){
if (!req.session.user) return res.status(401).send('not logged in')
}
Nuxt renderer will throw a 401 error as the hook call to the protected route will not contain the user session.
There are many solutions/workarounds here
- Not using sessions and turning to stateless tokens
- Not calling protected routes from server
- using the mounted hook instead
There may be others but probably in the realms of either or.
- The token solution works but is not straight forward and probably be worthwhile to have examples for people to follow and setup.
- not using protected routes from the server is a simple workaround but limits SSR on protected pages. From an SEO standpoint, this is completely fine and probably the use of SSR in the first place. Still not ideal.
<!--cmty--><!--cmty_prevent_hook--><div align="right"><sub><em>This question is available on <a href="https://nuxtjs.cmty.io">Nuxt.js</a> community (<a href="https://nuxtjs.cmty.io/nuxt/nuxt.js/issues/c285">#c285</a>)</em></sub></div>