Server Utils

Session management

Nuxt session management

Session expiration and refresh

Nuxt OIDC Auth automatically checks if the session is expired and refreshes it if necessary. You can disable this behavior by setting expirationCheck and automaticRefresh to false in the session configuration. The session is automatically refreshed when the session object is accessed. You can also manually refresh the session using refresh from useOidcAuth on the client or on the server side by calling refreshUserSession(event).

Session expiration and refresh is handled completely server side, the exposed properties in the user session are automatically updated. You can theoretically register a hook that overwrites session fields like loggedInAt, but this is not recommended and will be overwritten with each refresh.

Using the session in server side code

You can access the user session in your server side code by using the getUserSession function from the @nuxtjs/oidc-auth module.

import { getUserSession } from 'nuxt-oidc-auth/runtime/server/utils/session.mjs'

export default eventHandler(async (event) => {
  const session = await getUserSession(event)
  return session.userName
})

Be careful to not expose any sensitive information from the handler code.


Copyright © 2024