How can useUser() in the Auth0 nextjs-auth0 library look up a user without reading cookies?
Question
Auth0's useUser() attempts to fetch a logged-in user from /api/auth/me, which calls handleAuth(), which initiates Auth0 (creates sessionCache instance, etc.) and calls profileHandler(req, res).
In the profileHandler, we see a call to sessionCache.isAuthenticated(req, res), which in turn checks the sessionCache instance for a previous session entry (key: req object, value: encrypted object containing user info, access_token, id_token, etc.).
Since each API call, i.e. each call of handleAuth(), whether from /api/auth/me, /api/auth/login, or otherwise, is a separate serverless function call, will profileHandler (/api/auth/me) really ever find an entry in the sessionCache?
I know we add an entry there at login (in callbackHandler), but I do not understand how that cache value persists between two separate Serverless Function calls.
nextjs-auth0 states in the docs:
> By default, the session is stateless and stored in an encrypted cookie. But if you want a stateful session you can provide a store with get, set and destroy methods to store the session on the server.
So, we know it is stateless.
Answer 1
Score: 2
> I do not understand how that cache value persists between two separate Serverless Function calls.
The session is stored in a cookie and every separate Serverless Function call reads that cookie and populates the sessionCache (which stores the session in a WeakMap per request). The sessionCache is just there to make sure you can access the session multiple times during the lifecycle of a single request without having to read/decrypt the cookie every time.
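The mechanism this answer describes, as an added example that is not part of the original post and is not nextjs-auth0's own code: a fresh per-invocation cache rebuilds the session from the encrypted cookie, then serves repeat lookups for the same req object from a WeakMap. It is a simplified model that assumes AES-256-GCM from Node's crypto module in place of the library's actual cookie encryption; KEY, sealSession, openSession, createSessionCache, demo and the cookie name used here are hypothetical.

```javascript
const crypto = require('node:crypto');
// Constructed demo key; a real deployment derives it from a configured secret.
const KEY = crypto.createHash('sha256').update('constructed-demo-secret').digest();

// Seal a session object into a cookie value: iv.tag.ciphertext (base64url parts).
function sealSession(session) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(session), 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64url')).join('.');
}

// Open a cookie value; returns null when it is missing, malformed or tampered with.
function openSession(cookieValue) {
  try {
    const [iv, tag, ct] = cookieValue.split('.').map((p) => Buffer.from(p, 'base64url'));
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, iv);
    decipher.setAuthTag(tag); // GCM tag check: final() throws if the cookie was altered
    return JSON.parse(Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8'));
  } catch {
    return null;
  }
}

// One serverless invocation: a new cache that knows nothing about earlier calls.
function createSessionCache() {
  const cache = new WeakMap(); // key: req object, value: decrypted session or null
  let decryptions = 0;
  return {
    get(req) {
      if (!cache.has(req)) {
        decryptions += 1; // the cookie is read and decrypted once per request
        const m = /(?:^|;\s*)appSession=([^;]+)/.exec(req.headers.cookie || '');
        cache.set(req, m ? openSession(m[1]) : null);
      }
      return cache.get(req);
    },
    isAuthenticated(req) { return Boolean(this.get(req)?.user); },
    decryptions: () => decryptions,
  };
}

// The login call seals the session; a later, separate call only receives the cookie.
function demo() {
  const cookie = 'appSession=' + sealSession({ user: { sub: 'constructed|123' } });
  const profileCall = createSessionCache(); // fresh instance, empty cache
  const req = { headers: { cookie } };
  const first = profileCall.get(req), second = profileCall.get(req); // second hit is cached
  return { sub: first.user.sub, same: first === second, decryptions: profileCall.decryptions() };
}
```

Nothing is carried over between invocations except the cookie the browser sends back, which is why the state survives without any server-side store.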