I’m developing an application with MongoDB Realm for authentication, focusing on secure session management in an SSR (Server-Side Rendering) context.
My approach involves storing the Realm access token in cookies client-side after login, then accessing these cookies in server-side. This is crucial for SSR, where server-side logic needs user context pre-render.
Below is the code snippet illustrating my current approach to handling authentication with MongoDB Realm, including storing the access token in cookies on the client-side and accessing it on the server-side for SSR purposes. I’m keen to understand if there are more secure or efficient methods using the Realm SDK to achieve this, or if there are any potential pitfalls with my current implementation that I should be aware of.
// client
var app = new App({
id: PUBLIC_REALM_APP_ID
});
var email = "test@gmail.com";
var password = "123456";
var credentials = Credentials.emailPassword(email, password);
var user = await app.logIn(credentials);
document.cookie = `access_token=${user.accessToken}; path=/;`
// server
var access_token = cookies.get('access_token');
var user = jwtDecode(access_token);
assert(user);
Regards,
Ilyass