[dev][feature/bug] Client-side only (JWT cookie) authentication SSR issues

[silverbackdan]

I have an API which is authenticated via a cookie. It is http only, secure and same-site so the SSR login checks will not work, but the client-side will.

This results in a hydration error where the ssr and client-side rendering does not match. It'd be a nice feature to allow for this and when using login checks with v-if directives, this rendering issue does not happen.

Currently I'd have to surround all of these user-only elements/components on a page in a vue-client-only component (or equivalent).

What would your thoughts be on such a feature? Or is would this actually be considered a bug compared to the current released version?

[fire-papaya]

Another problem with client-only auth is middleware. If you stay on a page requiring user to be authenticated after page refresh user is sent to login page. I am using token-based authentication with vuex-persistedstate (client mode)

[silverbackdan]

Yes I agree and I think I mixed 2 issues together here - the problem is certainly 2-fold. 1 the user is not authenticated on SSR requests because it's a client-only cookie for security reasons and so will be redirected. Also I need to set auth property to false so we are not authenticating server-side I think.

It'd be great to have an option to skip server-side authentication if we are authenticating with a client's cookie. Unless I'm missing something here?

[silverbackdan]

I'm not sure how I could help with a contribution this module, but if we are agreed this is an issue and the best way to resolve it, I could try and see what I could do with a PR, at least start one to keep this issue moving.