if current session of user exists in DB or not but after refresh redux state gets reset so how to implement private route using redux and passportjs session auth? Any idea why this is happening
Use the concept of "route guard" to apply what david said
yes I solved the problem of private routes on frontend using react router but as I am using httpOnly cookie session based auth I am making request to /auth endpoint which also checks if current logged in user session is valid or not. So everytime user navigates to private route I first make API call to check user session in DB. Just wanted to know is this solution good or do you recommend anything else ? cc: @blink_bat
You can wrap your react-router switch in a HOC which when rendered (this will render only the first time you open a private route, or when you refresh on a private route), will make an API call to check if the user is auth'd or not. There might be better ways around
but if user refreshes browser or manually changes url in browser that time request will be fired for validating user
see this code https://pastebin.com/LXSha8pc in private route I am making call to check if user has valid session now you are suggesting to have some kind of auth provider which wraps private routes or have state in redux is that what you are suggesting? I am making additional call to /auth route to check if current loggedin user has valid session or not can we eliminate this additional call to /auth route?
yea id suggest using redux to save the data you get from /auth route, now with some extra code, everytime the user switches to other private routes, /auth api call wont be called
If usser navigates by clicking button i.e history.push() that time redux state wont get reset but if user refreshes page or changes url manually then it will have to make call to /auth endpoint is that correct??
So basically it is not possible to eliminate making calls to /auth endpoint inside private route is that correct?
So do I need to maintain /auth endpoint as well as auth middleware in api route both ??
You would need to make API call to check if the user is auth'd or not everytime a private route is rendered unless you can manage it in state, like redux.
Regardless of what you are doing in frontend, I'd recommend to keep /auth route and auth middleware for every private routes
Why both ? Just curious?
From my perspective, /auth route is supposed to return crucial user data which is used for subsequent API calls. And auth middleware just to make sure that the requester is auth'd and authorised for the resource
In my case auth endpoint is returning only isLoggedIn variable from server. So if user session is valid auth endpoint will return isLoggedIn true or else false
This isLoggedIn variable is then stored in redux state variable which is used to navigate private routes in react router
Обсуждают сегодня