Improvement #31319
open
Improvement #31248: New Theme based Nextjs application dev analysis
Basic Next.js Setup and Architecture Implementation
Added by Sachin Suresh 4 months ago.
Updated 4 months ago.
Due date:
12/22/2025 (about 4 months late)
Estimated time:
16:00 h (Total: 44:00 h)
Description
This task covers the foundational setup of the Next.js 15 application, including the authentication architecture, API integration patterns, and global state management.
- Status changed from Assigned to In Progress
1. Technology Stack
Framework: Next.js 15 (App Router)
State Management: TanStack Query (React Query) v5
Session Management: iron-session (Encrypted, HTTP-only cookies)
- % Done changed from 0 to 50
Implemented a secure, server-side session strategy to separate sensitive tokens from the client browser.
Middleware (middleware.ts): Handles global session initialization and persistence using iron-session. It assigns a unique sessionId to every visitor (Guest or User).
Token Store (src/lib/token-store.ts): An in-memory store that maps the sessionId (cookie) to the actual JWT Access/Refresh tokens. This ensures JWTs are never exposed to the client-side JavaScript (XSS protection).
Server Actions (src/actions/auth-actions.ts): Handles secure operations like login, token refresh, and guest recovery.
Resilience: Implemented logic to auto-recover Guest sessions if the server restarts (RAM cache cleared) but the browser still holds a valid cookie.
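The token-store lookup and guest recovery described above, as an added example that is not the project's own code. All names (TokenStore, resolveTokens, issueGuestTokens, the cookie's kind field) are hypothetical, and it assumes that a User session whose tokens were lost must log in again.

```typescript
// Added illustration; not the contents of src/lib/token-store.ts.
type SessionKind = "guest" | "user";
type Tokens = { accessToken: string; refreshToken: string; kind: SessionKind };
type Resolved = { tokens: Tokens; recovered: boolean };

// Server-side map: sessionId (the only value the cookie carries) -> JWT pair.
class TokenStore {
  private entries = new Map<string, Tokens>();

  set(sessionId: string, tokens: Tokens): void {
    this.entries.set(sessionId, tokens);
  }
  get(sessionId: string): Tokens | undefined {
    return this.entries.get(sessionId);
  }
  delete(sessionId: string): void {
    this.entries.delete(sessionId);
  }
  // Stands in for a server restart: the RAM cache is gone, cookies are not.
  clear(): void {
    this.entries.clear();
  }
}

// Resolve the tokens for a request whose encrypted cookie was already
// validated and yielded (sessionId, cookieKind). Returns null when the
// caller must clear the cookie and send the visitor to login.
function resolveTokens(
  store: TokenStore,
  sessionId: string,
  cookieKind: SessionKind,
  issueGuestTokens: () => Tokens, // hypothetical call to the backend auth API
): Resolved | null {
  const hit = store.get(sessionId);
  if (hit) return { tokens: hit, recovered: false };

  // Valid cookie but no entry: the store was wiped by a restart.
  if (cookieKind === "guest") {
    // Guests hold no credentials, so a fresh guest token pair is equivalent.
    const fresh = issueGuestTokens();
    store.set(sessionId, fresh);
    return { tokens: fresh, recovered: true };
  }
  // Assumption: a User session is never silently rebuilt or downgraded,
  // because the lost refresh token cannot be re-derived from the cookie.
  return null;
}
```
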