Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,090 --> 00:00:04,320 So let's start on the front end. 2 00:00:04,320 --> 00:00:07,510 And let's start utilizing the answer to the question 3 00:00:07,510 --> 00:00:11,650 whether a user is authenticated or not there. 4 00:00:11,650 --> 00:00:14,540 For example, I wanna make sure that the options 5 00:00:14,540 --> 00:00:16,780 in the header change based 6 00:00:16,780 --> 00:00:20,000 on whether we are authenticated or not. 7 00:00:20,000 --> 00:00:24,010 And again, Next.js makes that pretty easy for us. 8 00:00:24,010 --> 00:00:28,520 It is worth noting that after we locked in successfully, 9 00:00:28,520 --> 00:00:30,640 Next.js added a cookie. 10 00:00:30,640 --> 00:00:32,820 We can see this in the browser DevTools. 11 00:00:32,820 --> 00:00:34,710 If we go to application, 12 00:00:34,710 --> 00:00:37,230 cookies and select our domain. 13 00:00:37,230 --> 00:00:39,640 Here we see some cookies that were set 14 00:00:39,640 --> 00:00:43,210 and these are cookies which are generated 15 00:00:43,210 --> 00:00:46,320 and managed by Next.js. 16 00:00:46,320 --> 00:00:48,270 For example this session token 17 00:00:48,270 --> 00:00:51,053 is this Jason web token in the end. 18 00:00:52,090 --> 00:00:55,730 That was set automatically by Next.js 19 00:00:55,730 --> 00:00:58,540 when we logged in successfully. 20 00:00:58,540 --> 00:01:03,540 And it will also use that token automatically for us, 21 00:01:03,560 --> 00:01:06,810 when we try to change what we see on the screen, 22 00:01:06,810 --> 00:01:11,800 or when we try to send requests to protected resources. 23 00:01:11,800 --> 00:01:13,740 For example we can get the answer 24 00:01:13,740 --> 00:01:16,470 to whether the user is locked in or not, 25 00:01:16,470 --> 00:01:20,360 by finding out whether it's such a valid token exists. 26 00:01:20,360 --> 00:01:22,510 And we could come up with some code 27 00:01:22,510 --> 00:01:25,640 that allows us to do that manually though 28 00:01:25,640 --> 00:01:27,720 that code would involve that we need 29 00:01:27,720 --> 00:01:30,690 to send that cookie to the server 30 00:01:30,690 --> 00:01:34,190 and let the server decide whether it's valid or not. 31 00:01:34,190 --> 00:01:37,110 And hence, it's good that we don't have to do that. 32 00:01:37,110 --> 00:01:38,970 Instead if you wanna find out, 33 00:01:38,970 --> 00:01:40,730 if the user using this page 34 00:01:40,730 --> 00:01:43,500 at the moment is authenticated or not, 35 00:01:43,500 --> 00:01:47,600 Next.js gives us a convenient way of doing that. 36 00:01:47,600 --> 00:01:49,700 Let's say in our components, 37 00:01:49,700 --> 00:01:51,780 in the main navigation component, 38 00:01:51,780 --> 00:01:54,970 here I wanna show profile only 39 00:01:54,970 --> 00:01:57,570 if the user is authenticated. 40 00:01:57,570 --> 00:01:59,550 Since we use Next off, 41 00:01:59,550 --> 00:02:03,980 all we have to do for that is we have to import something 42 00:02:03,980 --> 00:02:06,720 from Next off client, 43 00:02:06,720 --> 00:02:11,090 and that's something now is to use session hook 44 00:02:11,090 --> 00:02:15,590 which we can use an any functional React component. 45 00:02:15,590 --> 00:02:20,230 Here we cannot call use session and use session 46 00:02:20,230 --> 00:02:25,040 will return an array with exactly two elements. 47 00:02:25,040 --> 00:02:28,400 It is an array where the first element 48 00:02:28,400 --> 00:02:32,330 is the session object describing the act of session, 49 00:02:32,330 --> 00:02:35,410 and the second element is loading 50 00:02:35,410 --> 00:02:37,970 which tells us wherever Next.js 51 00:02:37,970 --> 00:02:40,170 is currently still figuring out 52 00:02:40,170 --> 00:02:41,983 whether we are logged in or not. 53 00:02:43,440 --> 00:02:47,670 And then for the moment I'll just lock both all log loading 54 00:02:47,670 --> 00:02:50,783 and I will log session. 55 00:02:52,750 --> 00:02:55,130 If we do that and save this, 56 00:02:55,130 --> 00:02:56,920 and go back to the browser, 57 00:02:56,920 --> 00:02:59,570 to the console and reload, 58 00:02:59,570 --> 00:03:02,140 we see true and undefined and true 59 00:03:02,140 --> 00:03:04,890 and some object and false in some object. 60 00:03:04,890 --> 00:03:07,203 The first log is always the loading state. 61 00:03:08,320 --> 00:03:10,630 So you'll see, initially we're loading, 62 00:03:10,630 --> 00:03:15,360 we are finding out whether the user is authenticated or not. 63 00:03:15,360 --> 00:03:17,870 And hence, we got no session object yet, 64 00:03:17,870 --> 00:03:20,010 then at some point we're still loading 65 00:03:20,010 --> 00:03:22,190 but we actually do have that object yet, 66 00:03:22,190 --> 00:03:24,100 and hence then loading is false 67 00:03:24,100 --> 00:03:26,270 and we have that object still. 68 00:03:26,270 --> 00:03:27,690 And in that session object, 69 00:03:27,690 --> 00:03:32,320 we got that user data which we encoded into our token. 70 00:03:32,320 --> 00:03:34,760 And we got some expiration date 71 00:03:34,760 --> 00:03:38,910 which tells us when that session will expire automatically. 72 00:03:38,910 --> 00:03:40,820 Though it is worth noting 73 00:03:40,820 --> 00:03:43,860 that this session will be prolonged automatically, 74 00:03:43,860 --> 00:03:46,700 if the user is active. 75 00:03:46,700 --> 00:03:48,490 So now that we know what's in there, 76 00:03:48,490 --> 00:03:52,030 what we can do is we can change what we see based 77 00:03:52,030 --> 00:03:54,960 on these two pieces of information. 78 00:03:54,960 --> 00:03:59,100 And we can make sure that the profile link is only showing 79 00:03:59,100 --> 00:04:01,360 up if we have of a session. 80 00:04:01,360 --> 00:04:04,450 So note if we're still finding it out, 81 00:04:04,450 --> 00:04:08,870 and also note if we found it out but the answer is no. 82 00:04:08,870 --> 00:04:10,720 Only if we have a session 83 00:04:10,720 --> 00:04:15,720 then we showed this information in our header. 84 00:04:16,120 --> 00:04:18,209 So if I save this and reload, 85 00:04:18,209 --> 00:04:21,140 you'll see that profile flashes briefly 86 00:04:21,140 --> 00:04:24,910 because it's only loaded after a very short time duration. 87 00:04:24,910 --> 00:04:28,890 Once we found out that we do have a session to be precise. 88 00:04:28,890 --> 00:04:31,750 Now that flashing could be unpleasant here, 89 00:04:31,750 --> 00:04:34,810 and I'll come back to how we can optimize all 90 00:04:34,810 --> 00:04:37,340 of that later in this section. 91 00:04:37,340 --> 00:04:40,860 But that generally is how we can find out 92 00:04:40,860 --> 00:04:43,630 whether we are authenticated or not. 93 00:04:43,630 --> 00:04:45,390 Now we can utilize this to then 94 00:04:45,390 --> 00:04:46,227 for example, only show the log in link 95 00:04:46,227 --> 00:04:50,230 if we don't have a session. 96 00:04:50,230 --> 00:04:52,100 Only if we don't have a session, 97 00:04:52,100 --> 00:04:54,150 we wanna show the log in link. 98 00:04:54,150 --> 00:04:56,270 I actually also don't wanna show it 99 00:04:56,270 --> 00:04:58,040 whilst we're still loading though. 100 00:04:58,040 --> 00:05:01,140 So I wanna show it only if we don't have a session 101 00:05:01,140 --> 00:05:03,100 and we're not loading. 102 00:05:03,100 --> 00:05:04,450 So for not loading, 103 00:05:04,450 --> 00:05:06,760 and we then know that we have no session, 104 00:05:06,760 --> 00:05:09,480 then I wanna show the log in link. 105 00:05:09,480 --> 00:05:11,070 For the log out button, 106 00:05:11,070 --> 00:05:13,820 I only wanna show that if we do have a session 107 00:05:13,820 --> 00:05:16,010 because logging out only makes sense 108 00:05:16,010 --> 00:05:17,403 if we are logged in. 109 00:05:18,730 --> 00:05:20,050 With that out of the way, 110 00:05:20,050 --> 00:05:22,660 you'll see the log in link is now gone. 111 00:05:22,660 --> 00:05:25,580 Now I am still on the log in page 112 00:05:25,580 --> 00:05:28,260 because I can still visit that page. 113 00:05:28,260 --> 00:05:31,180 I'll show how we can prevent this later as well, 114 00:05:31,180 --> 00:05:33,900 but we now at least know how we can control 115 00:05:33,900 --> 00:05:36,800 what we see on the user interface. 116 00:05:36,800 --> 00:05:39,540 And that is an important first step. 117 00:05:39,540 --> 00:05:43,410 Now, before we dive deeper into route protection 118 00:05:43,410 --> 00:05:46,800 and how we can control which pages can be visited, 119 00:05:46,800 --> 00:05:49,120 and how we can optimize all of that, 120 00:05:49,120 --> 00:05:51,910 let's first of all, explore how we can log out 121 00:05:51,910 --> 00:05:55,373 so that we can also go back to log out state. 9343