Secure SSR patterns
how to do session management with:
- Clerk
- Convex
the right way?
https://www.youtube.com/watch?v=EGDD0rlBd8Q
Jolly Coding
YouTube
STOP using Layouts for Authentication!
Layouts combined with Server Components are awesome, and allow us to make database calls right from out components. However, there is a common pitfall with them when it comes to how we think of their rendering order. This is critical if you are trying to hide specific content using a layout check, as you may find the content can still be exposed...
1 Reply
We can chat more in your support thread- tldr for others is that you should hide information behind auth checks in convex (which all runs server side so it’s easy to hide info) and hiding any special UI is done with dynamic page handling - middleware etc.
in my experience, showing an authenticated UI skeleton that has no data is not my concern, it’s only a concern when you server render privileged content into it. So you should put those checks where you get the privileged data- which generally is convex functions which all have the privilege of being server-side. If you are server rendering content from elsewhere you need the server non-react code as the arbiter.