Bird
Raised Fist0
NextJSframework~10 mins

Server-side session access in NextJS - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to import the session function from the right package.

NextJS
import { [1] } from '@/auth';
Drag options to blanks, or click blank then click option'
ASessionProvider
BgetSession
CuseSession
Dauth
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'useSession' which is a client-side hook.
Importing 'getSession' which is used differently.
Importing 'SessionProvider' which is a React component.
2fill in blank
medium

Complete the code to get the session inside a Next.js server component.

NextJS
export default async function Page() {
  const session = await [1]();
  return <div>{session ? 'Logged in' : 'Not logged in'}</div>;
}
Drag options to blanks, or click blank then click option'
AgetSession
BuseSession
Cauth
DfetchSession
Attempts:
3 left
💡 Hint
Common Mistakes
Trying to use 'useSession' in server components.
Using 'getSession' which is not imported here.
Calling a non-existent 'fetchSession' function.
3fill in blank
hard

Fix the error in this server action that tries to access the session.

NextJS
import { auth } from '@/auth';

export async function action() {
  const userSession = await [1]();
  if (!userSession) throw new Error('No session');
  return userSession.user.email;
}
Drag options to blanks, or click blank then click option'
Aauth
BfetchSession
CuseSession
DgetSession
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'useSession' which is client-only.
Calling 'getSession' without importing it.
Not awaiting the auth function.
4fill in blank
hard

Fill both blanks to create a server component that shows the user's email if logged in.

NextJS
import { [1] } from '@/auth';

export default async function UserEmail() {
  const session = await [2]();
  return <p>{session ? session.user.email : 'Guest'}</p>;
}
Drag options to blanks, or click blank then click option'
Aauth
BgetSession
CuseSession
DSessionProvider
Attempts:
3 left
💡 Hint
Common Mistakes
Mixing 'getSession' import with 'auth' call.
Using 'useSession' which is client-only.
Importing 'SessionProvider' which is a React component.
5fill in blank
hard

Fill all three blanks to create a server action that returns the user's name or 'Anonymous'.

NextJS
import { [1] } from '@/auth';

export async function getUserName() {
  const sess = await [2]();
  return sess?.user?.[3] ?? 'Anonymous';
}
Drag options to blanks, or click blank then click option'
Aauth
BgetSession
Cname
Demail
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'getSession' without importing it.
Accessing 'email' instead of 'name'.
Not using optional chaining for safe access.

Practice

(1/5)
1. What is the main purpose of using getServerSession in Next.js?
easy
A. To fetch data from an external API on the client side
B. To handle client-side routing between pages
C. To style components dynamically based on user input
D. To access user session data securely on the server side

Solution

  1. Step 1: Understand the role of getServerSession

    This function is designed to retrieve session information securely on the server side in Next.js.

  2. Step 2: Compare with other options

    Options A, C, and D describe client-side or unrelated tasks, not server-side session access.

  3. Final Answer:

    To access user session data securely on the server side -> Option D

  4. Quick Check:

    Server-side session access = To access user session data securely on the server side [OK]
Hint: Remember: sessions store user info safely on the server [OK]
Common Mistakes:
  • Confusing client-side data fetching with server session access
  • Thinking getServerSession runs on the client
  • Mixing session access with styling or routing
2. Which is the correct way to import getServerSession in a Next.js page?
easy
A. import { getServerSession } from 'next-auth/next';
B. import getServerSession from 'next/server';
C. import { getServerSession } from 'next/router';
D. import { getServerSession } from 'next/head';

Solution

  1. Step 1: Identify the correct import source

    The official Next.js authentication library exports getServerSession from 'next-auth/next'.

  2. Step 2: Check other imports

    Options A, B, and D import from unrelated Next.js modules, causing errors or undefined functions.

  3. Final Answer:

    import { getServerSession } from 'next-auth/next'; -> Option A

  4. Quick Check:

    Correct import path = import { getServerSession } from 'next-auth/next'; [OK]
Hint: Use 'next-auth/next' to import server session helpers [OK]
Common Mistakes:
  • Importing from 'next/server' which lacks session helpers
  • Confusing routing or head modules with auth imports
  • Using default import instead of named import
3. Given this code inside getServerSideProps in Next.js, what will be logged if the user is not logged in?
export async function getServerSideProps(context) {
  const session = await getServerSession(context.req, context.res, authOptions);
  console.log(session);
  return { props: { user: session?.user || null } };
}
medium
A. undefined
B. An object with user details
C. null
D. A runtime error

Solution

  1. Step 1: Understand session when user is not logged in

    If no user is logged in, getServerSession returns null, not undefined or error.

  2. Step 2: Check the code's handling of session

    The code logs session directly, so it logs null. The props user is set to null safely.

  3. Final Answer:

    null -> Option C

  4. Quick Check:

    Session for no user = null [OK]
Hint: No login means session is null, not undefined or error [OK]
Common Mistakes:
  • Assuming session is undefined instead of null
  • Expecting an error when session is missing
  • Confusing logged user object with session presence
4. What is wrong with this Next.js server-side session code?
export async function getServerSideProps(context) {
  const session = getServerSession(context.req, context.res, authOptions);
  if (!session) {
    return { redirect: { destination: '/login', permanent: false } };
  }
  return { props: { user: session.user } };
}
medium
A. Missing await before getServerSession call
B. Redirect destination should be '/home' instead of '/login'
C. session.user is undefined even if session exists
D. getServerSideProps cannot return redirect objects

Solution

  1. Step 1: Check async function usage

    getServerSession returns a Promise, so it must be awaited to get the session object.

  2. Step 2: Analyze the impact of missing await

    Without await, session is a Promise, so the if check fails and code behaves incorrectly.

  3. Final Answer:

    Missing await before getServerSession call -> Option A

  4. Quick Check:

    Async calls need await = Missing await before getServerSession call [OK]
Hint: Always await async session calls in server functions [OK]
Common Mistakes:
  • Forgetting to await async functions
  • Confusing redirect destinations with errors
  • Thinking getServerSideProps can't redirect
5. You want to protect a Next.js page so only logged-in users can access it. Which approach correctly uses getServerSession inside getServerSideProps to redirect unauthenticated users to '/login' and pass user data to the page?
hard
A. export async function getServerSideProps(context) { const session = getServerSession(context.req, context.res, authOptions); if (session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: null } }; }
B. export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; }
C. export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); return { props: { user: session.user } }; }
D. export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session.user) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; }

Solution

  1. Step 1: Check session retrieval and await usage

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } correctly awaits getServerSession to get the session object.

  2. Step 2: Verify redirect logic for unauthenticated users

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } redirects if !session, which means no logged-in user, correctly protecting the page.

  3. Step 3: Confirm user data is passed when session exists

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } returns user data in props only if session exists, enabling page to render user info.

  4. Final Answer:

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } -> Option B

  5. Quick Check:

    Await session + redirect if no session = export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } [OK]
Hint: Await session, redirect if missing, pass user in props [OK]
Common Mistakes:
  • Not awaiting the session Promise
  • Redirecting when session exists instead of missing
  • Checking session.user without confirming session exists