Bird
Raised Fist0
NextJSframework~10 mins

Session management in NextJS - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to import the Next.js session hook.

NextJS
import { [1] } from 'next-auth/react';
Drag options to blanks, or click blank then click option'
AuseSession
BgetSession
CsignIn
DsignOut
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'getSession' which is for server-side session fetching.
Confusing signIn or signOut as session hooks.
2fill in blank
medium

Complete the code to get the session data inside a React component.

NextJS
const { data: session, status } = [1]();
Drag options to blanks, or click blank then click option'
AfetchSession
BgetSession
CuseSession
DloadSession
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'getSession' which is asynchronous and used server-side.
Trying to call a non-existent function like 'fetchSession'.
3fill in blank
hard

Fix the error in the server-side session fetching code.

NextJS
import { getSession } from 'next-auth/react';

export async function getServerSideProps(context) {
  const session = await [1](context);
  return { props: { session } };
}
Drag options to blanks, or click blank then click option'
AgetSession
BloadSession
CuseSession
DfetchSession
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'useSession' server-side which is a React hook.
Calling non-existent functions like 'fetchSession'.
4fill in blank
hard

Fill both blanks to sign in a user with credentials and redirect after success.

NextJS
import { signIn } from 'next-auth/react';

async function handleLogin() {
  const result = await signIn('[1]', { redirect: [2] });
}
Drag options to blanks, or click blank then click option'
Acredentials
Btrue
Cfalse
Doauth
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'oauth' instead of 'credentials' for username/password login.
Setting redirect to true when manual handling is needed.
5fill in blank
hard

Fill all three blanks to create a session-aware API route that returns the user's email or an error.

NextJS
import { getSession } from 'next-auth/react';

export default async function handler(req, res) {
  const session = await [1](req[2]);
  if (!session) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  res.status(200).json({ email: session.user[3] });
}
Drag options to blanks, or click blank then click option'
AgetSession
B.context
C.email
D.user
Attempts:
3 left
💡 Hint
Common Mistakes
Passing context instead of request to getSession in API routes.
Accessing session.email directly instead of session.user.email.

Practice

(1/5)
1. What is the main purpose of session management in Next.js applications?
easy
A. To remember user information between page visits
B. To style components dynamically
C. To optimize image loading
D. To handle API request routing

Solution

  1. Step 1: Understand session management concept

    Session management is about keeping track of user data across different pages or visits.

  2. Step 2: Identify the main purpose in Next.js

    Next.js uses session management to remember users, so they don't have to log in repeatedly or lose their data.

  3. Final Answer:

    To remember user information between page visits -> Option A

  4. Quick Check:

    Session management = Remember user info [OK]
Hint: Sessions keep user info across pages and visits [OK]
Common Mistakes:
  • Confusing session management with styling or routing
  • Thinking sessions optimize images
  • Believing sessions handle API routing only
2. Which of the following is the correct way to get the session on the server side in Next.js?
easy
A. const session = useSession();
B. const session = getServerSession();
C. const session = fetchSession();
D. const session = getSessionClient();

Solution

  1. Step 1: Recall server-side session retrieval method

    In Next.js, the function getServerSession() is used on the server to get the current session.

  2. Step 2: Check each option for correctness

    const session = useSession(); uses useSession(), which is client-side only. Options B and D are not valid Next.js functions.

  3. Final Answer:

    const session = getServerSession(); -> Option B

  4. Quick Check:

    Server session = getServerSession() [OK]
Hint: Use getServerSession() on server, useSession() on client [OK]
Common Mistakes:
  • Using useSession() on the server side
  • Assuming fetchSession() is a Next.js function
  • Confusing client and server session methods
3. Given this Next.js client component code snippet, what will be the output if the user is not logged in?
import { useSession } from 'next-auth/react';

export default function Profile() {
  const { data: session } = useSession();
  if (!session) return <p>Please log in</p>;
  return <p>Welcome, {session.user.name}</p>;
}
medium
A. <p>Please log in</p>
B. <p>Welcome, undefined</p>
C. Error: session is undefined
D. <p>Welcome, Guest</p>

Solution

  1. Step 1: Analyze the session check in the component

    The code checks if session is falsy (not logged in), then returns <p>Please log in</p> immediately.

  2. Step 2: Determine output when user is not logged in

    Since the user is not logged in, session is null or undefined, so the component returns <p>Please log in</p>.

  3. Final Answer:

    <p>Please log in</p> -> Option A

  4. Quick Check:

    Not logged in shows 'Please log in' [OK]
Hint: If no session, component returns 'Please log in' [OK]
Common Mistakes:
  • Assuming session.user.name exists when session is null
  • Expecting an error instead of conditional return
  • Thinking it shows 'Welcome, Guest' by default
4. Identify the error in this Next.js server-side session code:
import { getServerSession } from 'next-auth/next';

export async function getServerSideProps(context) {
  const session = await getServerSession(context);
  if (!session) {
    return { redirect: { destination: '/login', permanent: false } };
  }
  return { props: { user: session.user } };
}
medium
A. Returning props instead of redirect is incorrect
B. Using await without async function
C. Redirect destination should be '/home' not '/login'
D. Missing passing context to getServerSession

Solution

  1. Step 1: Check getServerSession usage

    The function getServerSession requires the request context to access cookies and headers, so it needs context.req and context.res or the full context passed.

  2. Step 2: Identify missing argument

    The code calls getServerSession() without arguments, which causes it to fail to read session data.

  3. Final Answer:

    Missing passing context to getServerSession -> Option D

  4. Quick Check:

    getServerSession needs context argument [OK]
Hint: Always pass context to getServerSession on server [OK]
Common Mistakes:
  • Forgetting to pass context to getServerSession
  • Confusing async/await usage
  • Incorrect redirect destination assumptions
5. You want to protect a Next.js page so only logged-in users can access it. Which approach correctly combines server and client session checks?
hard
A. Use getServerSession in the component to check session and redirect if missing.
B. Only use useSession in the component to check if user is logged in and redirect if not.
C. Use getServerSession in getServerSideProps to redirect unauthenticated users, and use useSession in the component to show loading or user info.
D. Use useSession in getServerSideProps to fetch session and redirect unauthenticated users.

Solution

  1. Step 1: Understand server-side protection

    Using getServerSession in getServerSideProps allows redirecting users before the page loads if they are not logged in.

  2. Step 2: Understand client-side session usage

    Using useSession in the component helps show loading states or user info once the page is loaded.

  3. Step 3: Evaluate options

    Use getServerSession in getServerSideProps to redirect unauthenticated users, and use useSession in the component to show loading or user info. correctly combines server-side redirect and client-side session display. The other options misuse server/client functions or locations.

  4. Final Answer:

    Use getServerSession in getServerSideProps to redirect unauthenticated users, and use useSession in the component to show loading or user info. -> Option C

  5. Quick Check:

    Server redirect + client session hook = Use getServerSession in getServerSideProps to redirect unauthenticated users, and use useSession in the component to show loading or user info. [OK]
Hint: Protect server-side, then show session client-side [OK]
Common Mistakes:
  • Trying to use client hooks on server
  • Not redirecting unauthenticated users server-side
  • Using server functions inside components