Authentication in the App Router spans several layers: sessions, middleware, server-side checks, and protection of Server Actions. The modern approach prefers server-side session authentication over client-side-only checks.
Session strategy
Cookie-based sessions (httpOnly cookie):
✓ Store a signed session id or encrypted JWT in an httpOnly, secure cookie
✓ httpOnly = not readable by JavaScript → protects against XSS token theft
✓ Use a library: Auth.js (NextAuth), Clerk, Lucia, or a custom solution
1. Lightweight check in middleware (fast, but not the whole story)
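import { NextRequest, NextResponse } from "next/server";

// Placeholder values: the cookie name "session" and both paths are illustrative.
export function middleware(req: NextRequest) {
  // Presence check only: the cookie's contents are not verified here.
  const session = req.cookies.get("session")?.value;
  if (req.nextUrl.pathname.startsWith("/dashboard") && !session) {
    return NextResponse.redirect(new URL("/login", req.url));
  }
  return NextResponse.next();
}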
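The middleware check above only tests that a cookie is present, so any non-empty value passes it. The following added example (not code from the original page) signs a session id with HMAC-SHA256 and verifies it on the server side; the function names, the `id.signature` cookie format, the `session` cookie name and the in-memory secret are assumptions made for illustration.

```javascript
// Added example: signed session cookie, verified on the server (Node.js runtime).
const { createHmac, timingSafeEqual, randomBytes } = require("node:crypto");

// Assumption: a real deployment loads a long-lived secret from server-side config.
const SECRET = randomBytes(32);

// Cookie value format (constructed for this example): "<sessionId>.<base64url HMAC>"
function signSession(sessionId, secret = SECRET) {
  const mac = createHmac("sha256", secret).update(sessionId).digest("base64url");
  return `${sessionId}.${mac}`;
}

// Returns the session id when the signature is valid, otherwise null.
function verifySession(cookieValue, secret = SECRET) {
  if (typeof cookieValue !== "string") return null;
  const dot = cookieValue.lastIndexOf(".");
  if (dot <= 0) return null;
  const sessionId = cookieValue.slice(0, dot);
  const given = Buffer.from(cookieValue.slice(dot + 1), "base64url");
  const expected = createHmac("sha256", secret).update(sessionId).digest();
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (given.length !== expected.length) return null;
  return timingSafeEqual(given, expected) ? sessionId : null;
}

// Mirrors the middleware's logic: presence only, no verification.
function middlewareWouldAllow(cookieValue) {
  return Boolean(cookieValue);
}

// Set-Cookie header with the httpOnly and secure attributes from the session strategy.
// SameSite=Lax is an extra attribute added in this example.
function sessionCookieHeader(sessionId) {
  return `session=${signSession(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample values.
const issued = signSession(randomBytes(16).toString("hex"));
const unsigned = "someone-else.AAAA"; // never signed by this server
console.log("middleware allows unsigned value:", middlewareWouldAllow(unsigned));
console.log("server accepts unsigned value:", verifySession(unsigned) !== null);
console.log("server accepts issued value:", verifySession(issued) !== null);
```

The server-side check is the one that decides access; the middleware redirect is only a fast path for requests that carry no cookie at all.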
