Performance: Server-side session access
MEDIUM IMPACT
This affects the time to first byte (TTFB) and overall server response time, impacting how quickly the page starts rendering.
0Server-side session access in NextJS - Performance & Optimization
Start learning this pattern below
Jump into concepts and practice - no test required
or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Reading user session data during server-side rendering
NextJS
import { unstable_getServerSession } from 'next-auth/next'; export async function getServerSideProps(context) { const session = await unstable_getServerSession(context.req, context.res, authOptions); return { props: { user: session?.user ?? null } }; }
Uses optimized async session retrieval with caching and minimal parsing, reducing server blocking time.
📈 Performance Gainreduces blocking time by 50-70ms on average
Reading user session data during server-side rendering
NextJS
export async function getServerSideProps(context) { const session = await getSession({ req: context.req }); // heavy synchronous session parsing or multiple session reads return { props: { user: session.user } }; }
Multiple or heavy synchronous session reads block server response, increasing TTFB and delaying page render.
📉 Performance Costblocks rendering for 100-300ms depending on session complexity
Performance Comparison
| Pattern | DOM Operations | Reflows | Paint Cost | Verdict |
|---|---|---|---|---|
| Heavy synchronous session parsing | N/A (server-side) | N/A | N/A | [X] Bad |
| Optimized async session retrieval with caching | N/A (server-side) | N/A | N/A | [OK] Good |
Rendering Pipeline
Server-side session access happens before HTML is sent to the browser, affecting server response time and delaying the start of the browser's rendering pipeline.
→Server Processing
→Network Transfer
→First Paint
⚠️ BottleneckServer Processing (session retrieval and parsing)
Core Web Vital Affected
LCP
This affects the time to first byte (TTFB) and overall server response time, impacting how quickly the page starts rendering.
Optimization Tips
1Avoid heavy synchronous session parsing during server-side rendering.
2Use async session retrieval methods with caching to reduce server blocking.
3Keep session data minimal to speed up server response and improve LCP.
Performance Quiz - 3 Questions
Test your performance knowledge
How does inefficient server-side session access affect page load?
DevTools: Network
How to check: Open DevTools, go to Network tab, reload page, and check the TTFB value for the main document request.
What to look for: A high TTFB indicates slow server processing, possibly due to inefficient session access.
Practice
1. What is the main purpose of using
getServerSession in Next.js?easy
Solution
Step 1: Understand the role of
This function is designed to retrieve session information securely on the server side in Next.js.getServerSessionStep 2: Compare with other options
Options A, C, and D describe client-side or unrelated tasks, not server-side session access.Final Answer:
To access user session data securely on the server side -> Option DQuick Check:
Server-side session access = To access user session data securely on the server side [OK]
Hint: Remember: sessions store user info safely on the server [OK]
Common Mistakes:
- Confusing client-side data fetching with server session access
- Thinking
getServerSessionruns on the client - Mixing session access with styling or routing
2. Which is the correct way to import
getServerSession in a Next.js page?easy
Solution
Step 1: Identify the correct import source
The official Next.js authentication library exportsgetServerSessionfrom 'next-auth/next'.Step 2: Check other imports
Options A, B, and D import from unrelated Next.js modules, causing errors or undefined functions.Final Answer:
import { getServerSession } from 'next-auth/next'; -> Option AQuick Check:
Correct import path = import { getServerSession } from 'next-auth/next'; [OK]
Hint: Use 'next-auth/next' to import server session helpers [OK]
Common Mistakes:
- Importing from 'next/server' which lacks session helpers
- Confusing routing or head modules with auth imports
- Using default import instead of named import
3. Given this code inside
getServerSideProps in Next.js, what will be logged if the user is not logged in?export async function getServerSideProps(context) {
const session = await getServerSession(context.req, context.res, authOptions);
console.log(session);
return { props: { user: session?.user || null } };
}medium
Solution
Step 1: Understand session when user is not logged in
If no user is logged in,getServerSessionreturns null, not undefined or error.Step 2: Check the code's handling of session
The code logssessiondirectly, so it logs null. The props user is set to null safely.Final Answer:
null -> Option CQuick Check:
Session for no user = null [OK]
Hint: No login means session is null, not undefined or error [OK]
Common Mistakes:
- Assuming session is undefined instead of null
- Expecting an error when session is missing
- Confusing logged user object with session presence
4. What is wrong with this Next.js server-side session code?
export async function getServerSideProps(context) {
const session = getServerSession(context.req, context.res, authOptions);
if (!session) {
return { redirect: { destination: '/login', permanent: false } };
}
return { props: { user: session.user } };
}medium
Solution
Step 1: Check async function usage
getServerSessionreturns a Promise, so it must be awaited to get the session object.Step 2: Analyze the impact of missing await
Without await,sessionis a Promise, so the if check fails and code behaves incorrectly.Final Answer:
Missing await before getServerSession call -> Option AQuick Check:
Async calls need await = Missing await before getServerSession call [OK]
Hint: Always await async session calls in server functions [OK]
Common Mistakes:
- Forgetting to await async functions
- Confusing redirect destinations with errors
- Thinking getServerSideProps can't redirect
5. You want to protect a Next.js page so only logged-in users can access it. Which approach correctly uses
getServerSession inside getServerSideProps to redirect unauthenticated users to '/login' and pass user data to the page?hard
Solution
Step 1: Check session retrieval and await usage
export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } correctly awaitsgetServerSessionto get the session object.Step 2: Verify redirect logic for unauthenticated users
export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } redirects if!session, which means no logged-in user, correctly protecting the page.Step 3: Confirm user data is passed when session exists
export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } returns user data in props only if session exists, enabling page to render user info.Final Answer:
export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } -> Option BQuick Check:
Await session + redirect if no session = export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } [OK]
Hint: Await session, redirect if missing, pass user in props [OK]
Common Mistakes:
- Not awaiting the session Promise
- Redirecting when session exists instead of missing
- Checking session.user without confirming session exists