man, I was having so much trouble to understand authentication, thank you so much, you deserve more views

Great explanation. I'm coming from PHP to React via Next JS. Was really struggling with storing secure cookies server-side with Next JS and not getting the answers I needed. This was clear and concise. Thanks for that and I am definitely going to buy that course.

well explained, alot of developers always have difficulties explaining cookies and sessions... well supper well done

Huge thanks for posting this Leigh - video came just as I was beginning to ask questions on this! Thanks for continuing to put out awesome content!

Where have you been all my life :))) thank you so much!!!

Your content is awesome! Most of what I've learned about NextJS was in your channel :) Thank you!

Actual tutorials, thank you 😍

Thank you, king 🤴

after hours of research this video solved my confusion Thank you for your help!

The best way to SET and REMOVE the cookie on Server Side...Thank you soo much 🤜🤛

Hi! I very appreciate you for doing all these tutorials

I was struggling with cookies-next for almost 2 hours. js-cookie n you saved my like. Ty

Thanks a lot dude! I was actually having a problem to delete a httpOnly cookie and your video make it clear to me!

Thank you Leigh

This is exactly what i am looking for.thx.

Thank you so much Leigh !

Thank you. Awesome tutorial 💪

man i was stuck on bug from 2 weeks and this video helped me resolve it.

Explained so well, thank you so much!

Sir, wonderful explanation, this was very helpful thank you.

Very well explained, thanks!

awesome content, helped me a lot!! thanks!

Love the video, thanks!

Thanks for helping 💯

Thanks you're a life saver

Great explanation, is it possible for the refresh token.?

Hi. When you talking about the server-side cookies, What means that the browser can't read the cookies? Probably you can't get them from js-client, but we can still read them from the devtools. I think that I didn't get this security part

thanks leigh

It worked thankyou so much

Thanks for sharing this.

awesome!

Great explanation, I really liked your calm tone and method of teaching. I just have one doubt. How can I read this cookie to make sure that the user does not need to login?

Great video man

Ty, really helpful.

Thank you so much!

How can I protect it from CSRF Attack? Please reply

You're an absolute boss, Leigh! Quick question, when you checked out the api calls in the dev tools you could see the value of the token. Is that not a problem because the value was set on the server instead of set on the client (aka h4ck3rs can't manipulate your code on the server so it didn't matter that they could read the token)?

I feel like a cookie master now! Well, almost. ;)

Hello, great video I would like to know why are you defining the cookie in the front instead of the api/login.js ?

Thanks for the example. Does this still apply now or theres a better way.

How to use it with express-session and witgout nextjs api routes ?

Which cases would you just want to use local storage?

thank you for the explanation im wondering how i can pass that cookie back to the server for authorazation checking (i mean the secure way)

Thank you for your explanation. But I have a questions, can I use the same API endpoint with a mobile app? Because I'm used to use tokens in local storage.

Beginner here bro, the backend usually will setup the httponly: true? not the frontend will setup this? the frontend will just received the secure token to store directly to the cookies?

Hi Leigh!, thank you for making this amazing course! I just have a question. I make a request to the login API and I receive the refresh token that is in the cookie and the access token that is in the response body. Now how should I handle the access token on the client side(next js)? If I store this in a global state like context API, then I don't have access to that state in the getServerSideProps function, and I can't set it in the request.header.authorization because getServerSideProps run on the server side and the state is on the client side! what is the right flow for this kind of case?

I really like the way you explained. I wanted to buy your course through the "Get Access" button, but the button didn't work.

After setting token from Server side, how can I use token to check whether a client is login or not ?

thank you

Hi, how would you do to use js-cookie from the _app file since I need to set the cookie and check in any page of the app and then need to use getInitialProps instead of getServerSideProps

Is there a size limit on server side cookies?

Thanks

Great vid! PS: How does this work with a pre-rendered page where I don't have access to the req object?? SSR is not the fastest for most apps

Beginner here bro, the backend usually will setup the httponly: true? not the frontend will setup the httponly: true? the frontend will just received the secure token with httponly: true attached already to store directly to the cookies?

Hey Leigh, I had a question. Even if Javascript on the frontend won't be able to read the http-only cookies, we can still see its value on the browser's Developers Tools, so how does that make it safer? For example, would it be safe to store JWT Authentication tokens as http-only cookies?

I am unable to get the cookies in _app.js. How can I get it there?

Thank you Leigh!. A stupid question: i'm working on a Next js auth session. In a real scenario my cookie http only (jwt) must be visible always in my Storage_Inspector/Cookies? Or my http only cookies must NEVER be visible in the browser? I don't know if I've made myself clear

We load our app inside an under third party sites. Third party cookies are automatically blocked inside an . Does that mean i can never use frameworks like nextjs or Remix?

i do this , but in production i have problems

thank's alot

hello, i just wondering how can I apply this if the API is from the django and, I cant get the token from cookie when I fetching get API from django saying unauthorized, it seems that the bearer token not set properly, but when i refresh the browser the cookie is accessible and the get API works. how can i achieved to handle token from cookie without refreshing the browser.

So i am using axios on frontend and I see you are returning the session token with getServerSideProps. Now my question is how do i send this to axios do i need to pass this token with all the children which will be hell for me. Can i store this token on a context or is also a bad way of doing? or can I create a function to fetch the token and then call axios. Please let me know which is the best way of doing this

Thank you, but can it work if I deploy nextjs app and expressjs app to different domain?

how to set the cookie in serverside in next 13 app router

Great tutorial! how would you authenticate though certain routes? (without next-auth). I'm trying to do the authentication with wordpress and its rest api but really struggle.. id like also to avoid serversideprops as it would make my whole project slow again

Great! I have a question about getServerSideProps. if router.push to the page with getServerSideProps, Is the page SSR?

Quick question, incase of isomorphic application development after login cookies set at client-side and API used for login is not belongs to same domain, how to cover this scenario please advise

Hi Hall, this is hendra from Indonesia. Is your course available on Udemy ? Your course is looks great, covered lots of stuff...

Hi, i setup the cookie using login api route as shown in the video. I want to send the jwt token from client end to do some queries and mutations on the server. The cookie is not available on client end to do that operation. One way is to get the cookie on getServerSideProps and pass it onto the component or the other way is to store it locally using local storage or client side cookie. What will be your suggestion? Is there any other way out?

What if you want to fetch data on the server with these cookies? How would it work?

how read token from _app to setUser Login

I'm new in Next.js. I have this .ts file that detects some redirects. In other words detects some special urls in må app. Lets say I it's detects /hello-world in the url. I then want to delete a cookie on the SSR side. How would I do this. I dont know where to get the res from on the page.

I'm getting this error on logout: Cannot set headers after they are sent to the client

bro you saved my ass thanks

Can anyone manipulate server side cookies.

I'm so confused how the node server works in next.js. it's all single files for any route? What about secret routes? Watching the entire app to help you :)

js-cookis return undefin

I think you should comment in your video that this is not how a login or logout should work and to be honest, I think using login and logout as the example was suboptimal. Someone new to all this might get a totally wrong impression. Good video otherwise.