Check if user is logged in

  • iampointi-1359858225113071968

    Stefan

    18 days ago

    Hi,

    I am trying to simply check if the user is logged in = has a session cookie "access_token".

    But if I get the cookie in a formula via "get http only cookie" it returns the placeholder {{cookies....}} - so it is never empty, also not if there is no cookie.

    Whats the best way to simply check if the user is logged in?

    PS: I dont want to make an api call just to now if the user is logged in.

    One idea would be to use session storage for that, but also not ideal I guess.
  • erikbeus-1359859927002251376

    Erik Beuschau

    18 days ago

    Http only cookies are not available in JS - and therefore in the toddle runtime. That formula is only returning a cookie's value during SSR/proxied request calls.
    Internally in the toddle editor, we use an API call to Supabase to check if a user is signed in. We call this during SSR as well.
  • iampointi-1359862390946271324

    Stefan

    18 days ago

    hmm okay didnt thought about that the runtime is JS and thats the reason.
    but would that mean that I also can't use this information in the fetch trigger for this api call? so I would need to make this call always, also if the token would be empty? (this is the case in 99,9% of my page calls)
  • erikbeus-1359863774160355551

    Erik Beuschau

    18 days ago

    I think you can add a formula to your autofetch call on your API that is only truthy if the http cookie exists. Then it should only run when the cookie is there
    👍1
  • iampointi-1360156277338280118

    Stefan

    17 days ago

    @Erik Beuschau is this something you have planned to implement? I can think of various use cases where it would make sense to render parts of a page different if a user is logged in/out. And doing that client side has some really bad downsides
  • erikbeus-1360156706226700319

    Erik Beuschau

    17 days ago

    What should we implement exactly? It's possible to render things during SSR so UI meant for authenticated users is never shown. You can also create separate pages that are only for authenticated users that will never load for unauthenticated users if you set up a redirect rule on an API response
  • iampointi-1360160880322674689

    Stefan

    17 days ago

    My initial question was "Whats the best way to simply check if the user is logged in?"
    especially to hide/show elements on the page
  • erikbeus-1360161604662067240

    Erik Beuschau

    17 days ago

    I think the best option atm is using an API call. You could also use session storage/non-http cookies, but that's assuming that you know how long the user will stay authenticated.
  • iampointi-1360174071542841415

    Stefan

    17 days ago

    Okay, yeah thats what I did now, using session storage (although client sided). Wanted to prevent making api calls on every page 🙂
  • erikbeus-1360176231751876669

    Erik Beuschau

    17 days ago

    I mean you could still avoid API calls for unauthenticated users using the autofetch strategy I mentioned here?
  • iampointi-1360227239349846188

    Stefan

    17 days ago

    Yeah right, that could work