Session Authentication Advanced Method Implementation Date

[cloudcompute]

Hi

By when this feature will be implemented? I believe this is very important. Is there any branch where this is getting implemented?

Thanks

[prisis]

Can you describe your issue a bit more?

[cloudcompute]

In the Session Authentication doc, it is mentioned that a developer can choose one among the two ways to manage sessions / authentication:
a. Essential method: It is implemented
b. Advanced method (JWT-based): if we look at the source code, it is not yet implemented. I am talking about this method.

Also, if someone can tell me whether the CSRF-related code is taking care of the OWASP recommendations:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#use-of-custom-request-headers

I have not found any mention about this.

Thanks.

[beerose]

Hi @Ramandhingra,

The JWT based auth will be covered in the Blitz toolkit — please check out this RFC: #3075.

You can find some session auth related code here: https://github.com/blitz-js/blitz/blob/canary/nextjs/packages/next/stdlib-server/auth-sessions.ts.