Session management
Session expiration and refresh
Nuxt OIDC Auth automatically checks if the session is expired and refreshes it if necessary. You can disable this behavior by setting expirationCheck
and automaticRefresh
to false
in the session
configuration.
The session is automatically refreshed when the session
object is accessed. You can also manually refresh the session using refresh
from useOidcAuth
on the client or on the server side by calling refreshUserSession(event)
.
Session expiration and refresh is handled completely server side, the exposed properties in the user session are automatically updated. You can theoretically register a hook that overwrites session fields like loggedInAt
, but this is not recommended and will be overwritten with each refresh.
Using the session in server side code
You can access the user session in your server side code by using the getUserSession
function from the @nuxtjs/oidc-auth
module.
import { getUserSession } from 'nuxt-oidc-auth/runtime/server/utils/session.mjs'
export default eventHandler(async (event) => {
const session = await getUserSession(event)
return session.userName
})
Be careful to not expose any sensitive information from the handler code.