Client side vs Server side auth guard
Unanswered
XandoR posted this in #help-forum
XandoR (OP)
Hello there! 👋
I'm using Better Auth in an external Node.js server to authenticate users for my Next.js app.
As there is no way to hydrate the session into the Better Auth client, I am using two clients (authServerClient to fetch the session server side and authClient to fetch the session client side). As I need to use the session client side, Better Auth will fetch the session information anyway, so should I still implement a server-side session guard and have both server and client side for better security, or is this kinda useless and I should just keep client side only?
What do you think about it?
If this is not clear or you have any questions, feel free to ask.
1 Reply
Saltwater Crocodile
Even if the client fetches the session anyway, server-side guards aren't redundant. Client-side auth is about rendering and user experience, while server-side checks are what actually protect your data and actions. I'd keep both: client-side for UI, server-side for authorization.
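
A server-side guard along the lines this reply describes, as an added example that is not part of the thread or of Better Auth's own code. The auth server URL, the session endpoint path and the `{ user: { id } }` session shape are assumptions; the handler takes its identity from the verified session and never from client-supplied input.

```javascript
// Added example. AUTH_URL, SESSION_PATH and the session shape are assumptions.
const AUTH_URL = "https://auth.example.internal"; // hypothetical auth server
const SESSION_PATH = "/api/auth/get-session";     // assumed endpoint path

// Ask the external auth server which user the incoming cookie belongs to.
async function fetchSession(cookieHeader, fetchImpl = fetch) {
  if (!cookieHeader) return null;
  const res = await fetchImpl(AUTH_URL + SESSION_PATH, {
    headers: { cookie: cookieHeader },
    cache: "no-store", // a session lookup must never be served from cache
  });
  if (!res.ok) return null;
  const body = await res.json();
  return body && body.user && body.user.id ? body : null;
}

// Wrap a handler so it only runs with a server-verified session.
function withSession(handler, fetchImpl = fetch) {
  return async (request) => {
    let session = null;
    try {
      session = await fetchSession(request.headers.get("cookie"), fetchImpl);
    } catch {
      // Fail closed: if the auth server is unreachable, nobody gets in.
      return new Response("auth unavailable", { status: 503 });
    }
    if (!session) return new Response("unauthorized", { status: 401 });
    return handler(request, session);
  };
}

// The client may claim any userId in the query string; only the session counts.
async function ordersHandler(request, session) {
  const asked = new URL(request.url).searchParams.get("userId");
  if (asked && asked !== session.user.id) {
    return new Response("forbidden", { status: 403 });
  }
  const payload = { ownerId: session.user.id, orders: [] };
  return new Response(JSON.stringify(payload), {
    status: 200,
    headers: { "content-type": "application/json" },
  });
}

// In a route file this would be exported as the GET handler.
const getOrders = withSession(ordersHandler);
```

The client-side guard can still hide or show UI from `authClient`, but a request that skips the UI entirely gets the 401 or 403 here.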