Uthibitisho katika App Router inaenea katika tabaka kadhaa — vikali, middleware, ukaguzi wa upande wa seva, na kulinda Server Actions. Mkakati wa kisasa unakubaliana na ukaguzi wa vikali upande wa seva juu ya ukaguzi wa mteja tu.
Mkakati wa vikali
Cookie-based sessions (httpOnly cookie):
✓ Store a signed session id or encrypted JWT in an httpOnly, secure cookie
✓ httpOnly = not readable by JavaScript → protects against XSS token theft
✓ Use a library: Auth.js (NextAuth), Clerk, Lucia, or a custom solution
1. Kuzuia kwa ujumla katika middleware (kasi, lakini si hadithi nzima)
() {
session = req..()?.;
(req...() && !session) {
.( (, req.));
}
.();
}
