Bird
Raised Fist0
NextJSframework~3 mins

Why Server-side session access in NextJS? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

Discover how to make your app remember users safely and effortlessly on the server side!

The Scenario

Imagine building a website where users log in, and you try to remember who they are by checking cookies manually on every page load.

You write code to parse cookies, verify tokens, and fetch user data on each request, repeating this everywhere.

The Problem

Manually handling sessions is slow and error-prone because you must repeat cookie parsing and validation logic in many places.

This leads to bugs, security risks, and makes your code hard to maintain and update.

The Solution

Server-side session access in Next.js lets you read and verify user sessions centrally on the server before rendering pages.

This means you get reliable user info securely and easily, without repeating code or risking mistakes.

Before vs After
Before
const cookies = req.headers.cookie;
const token = parseToken(cookies);
const user = await verifyToken(token);
// repeat in every API or page
After
import { getServerSession } from 'next-auth/next';
const session = await getServerSession(req, res);
if (session) { /* user is logged in */ }
What It Enables

You can securely and efficiently personalize pages and APIs based on who the user is, improving user experience and security.

Real Life Example

On an e-commerce site, server-side session access lets you show a user's saved cart and order history immediately when they visit, without extra loading steps.

Key Takeaways

Manual session handling repeats code and risks errors.

Server-side session access centralizes and secures user info retrieval.

This makes your app faster, safer, and easier to build.

Practice

(1/5)
1. What is the main purpose of using getServerSession in Next.js?
easy
A. To fetch data from an external API on the client side
B. To handle client-side routing between pages
C. To style components dynamically based on user input
D. To access user session data securely on the server side

Solution

  1. Step 1: Understand the role of getServerSession

    This function is designed to retrieve session information securely on the server side in Next.js.

  2. Step 2: Compare with other options

    Options A, C, and D describe client-side or unrelated tasks, not server-side session access.

  3. Final Answer:

    To access user session data securely on the server side -> Option D

  4. Quick Check:

    Server-side session access = To access user session data securely on the server side [OK]
Hint: Remember: sessions store user info safely on the server [OK]
Common Mistakes:
  • Confusing client-side data fetching with server session access
  • Thinking getServerSession runs on the client
  • Mixing session access with styling or routing
2. Which is the correct way to import getServerSession in a Next.js page?
easy
A. import { getServerSession } from 'next-auth/next';
B. import getServerSession from 'next/server';
C. import { getServerSession } from 'next/router';
D. import { getServerSession } from 'next/head';

Solution

  1. Step 1: Identify the correct import source

    The official Next.js authentication library exports getServerSession from 'next-auth/next'.

  2. Step 2: Check other imports

    Options A, B, and D import from unrelated Next.js modules, causing errors or undefined functions.

  3. Final Answer:

    import { getServerSession } from 'next-auth/next'; -> Option A

  4. Quick Check:

    Correct import path = import { getServerSession } from 'next-auth/next'; [OK]
Hint: Use 'next-auth/next' to import server session helpers [OK]
Common Mistakes:
  • Importing from 'next/server' which lacks session helpers
  • Confusing routing or head modules with auth imports
  • Using default import instead of named import
3. Given this code inside getServerSideProps in Next.js, what will be logged if the user is not logged in?
export async function getServerSideProps(context) {
  const session = await getServerSession(context.req, context.res, authOptions);
  console.log(session);
  return { props: { user: session?.user || null } };
}
medium
A. undefined
B. An object with user details
C. null
D. A runtime error

Solution

  1. Step 1: Understand session when user is not logged in

    If no user is logged in, getServerSession returns null, not undefined or error.

  2. Step 2: Check the code's handling of session

    The code logs session directly, so it logs null. The props user is set to null safely.

  3. Final Answer:

    null -> Option C

  4. Quick Check:

    Session for no user = null [OK]
Hint: No login means session is null, not undefined or error [OK]
Common Mistakes:
  • Assuming session is undefined instead of null
  • Expecting an error when session is missing
  • Confusing logged user object with session presence
4. What is wrong with this Next.js server-side session code?
export async function getServerSideProps(context) {
  const session = getServerSession(context.req, context.res, authOptions);
  if (!session) {
    return { redirect: { destination: '/login', permanent: false } };
  }
  return { props: { user: session.user } };
}
medium
A. Missing await before getServerSession call
B. Redirect destination should be '/home' instead of '/login'
C. session.user is undefined even if session exists
D. getServerSideProps cannot return redirect objects

Solution

  1. Step 1: Check async function usage

    getServerSession returns a Promise, so it must be awaited to get the session object.

  2. Step 2: Analyze the impact of missing await

    Without await, session is a Promise, so the if check fails and code behaves incorrectly.

  3. Final Answer:

    Missing await before getServerSession call -> Option A

  4. Quick Check:

    Async calls need await = Missing await before getServerSession call [OK]
Hint: Always await async session calls in server functions [OK]
Common Mistakes:
  • Forgetting to await async functions
  • Confusing redirect destinations with errors
  • Thinking getServerSideProps can't redirect
5. You want to protect a Next.js page so only logged-in users can access it. Which approach correctly uses getServerSession inside getServerSideProps to redirect unauthenticated users to '/login' and pass user data to the page?
hard
A. export async function getServerSideProps(context) { const session = getServerSession(context.req, context.res, authOptions); if (session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: null } }; }
B. export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; }
C. export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); return { props: { user: session.user } }; }
D. export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session.user) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; }

Solution

  1. Step 1: Check session retrieval and await usage

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } correctly awaits getServerSession to get the session object.

  2. Step 2: Verify redirect logic for unauthenticated users

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } redirects if !session, which means no logged-in user, correctly protecting the page.

  3. Step 3: Confirm user data is passed when session exists

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } returns user data in props only if session exists, enabling page to render user info.

  4. Final Answer:

    export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } -> Option B

  5. Quick Check:

    Await session + redirect if no session = export async function getServerSideProps(context) { const session = await getServerSession(context.req, context.res, authOptions); if (!session) { return { redirect: { destination: '/login', permanent: false } }; } return { props: { user: session.user } }; } [OK]
Hint: Await session, redirect if missing, pass user in props [OK]
Common Mistakes:
  • Not awaiting the session Promise
  • Redirecting when session exists instead of missing
  • Checking session.user without confirming session exists