Right now, tokens are read using server load function and passed on to subsequent load functions. This value is then read in Lucia.svelte
component and set as the value of $session
(returned by getSession()
). This however leads to a few issues:
- #63
- #66
- Load function cannot run in parallel as it needs to use
await parent()
to retrieve user's session
With some hacks, I think some or all these issues can be addressed.
Load functions
I'm thinking of creating a load function that handles sessions for you, one for setting the session and one for load functions:
// +layout.server.ts
export const load: ServerLoad = sessionHandler()
// +page.ts
export const load: Load = loadHandler()
These handlers can take a callback function that can runs as a normal load function. Except, it allows you to use session
:
loadHandler((session, url) => {
const user = session.user
return {
message: "hello" // acts as a normal load function
}
})
As for server load functions, since we have access to cookies, we can just use read the cookie and call validateAccessToken()
.
If the load function is running in the browser, it can access global state safely and it'll be possible to get the latest session. This fixes #63. This also means that load functions running in the browser does not depend on parent load functions and can be ran in parallel. However, it might be possible to get the same behavior in the server, maybe. I'm still not sure, but since functions can be included in the object returned by load functions, this may allow for some magic to happen in the background. I think you can still get type safety as long as TS knows what loadHandler
is returning.
Client
With some new knowledge of Svelte, I think we can get rid of the wrapper:
const session = getSession() // automatically sets the session store
listenForTokenExpiration()
I'm open to feedback, and I hope any changes (this one or not) will streamline the experience!