[Question]: getSession() in API returns null even when session exists when called via getServerSideProps

[aspctu]

Question 💬

In short, when securing an API route with getSession, any time a page attempts to fetch from the API, getSession returns null but if I go to the API link directly, it works as expected.

To test this, I have a test API route at the path pages/api/test.js that calls getSession({ req }) and returns True if a session is found, False if it isn't.

import { getSession } from 'next-auth/client'

export default async (req, res) => {
  const session = await getSession({ req })
  if (session) {
    // Signed in
    res.json({"valid" : true})
  } else {
    // Not Signed in
    res.json({"valid": false})
  }
  res.end()
}

I also have a basic Page component at pages/test/index.js. Via getServerSideProps, I fetch a response from the API and pass the response as a prop to the Page component. Every time, regardless if I'm signed in or not, the response from the test route is {valid: false}.

However, if I point my browser to localhost:3000/api/test, I receive the expected response. Any help here would be appreciated! I'm using Google Sign In with my own MySQL database.

How to reproduce ☕️

No response

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR

[aspctu]

Some more progress here:

It appears that when you call an API route from getServerSideProps, Next.js doesn't forward any auth cookies as they're in the browser vs. on the server where the request is being made from. This isn't a problem unless (like me), you've secured the API routes with getSession({req}) and NextAuth isn't finding a cookie. This is also why when you direct your browser to the API route, it returns the correct response.

I also noticed that @iaincollins had a protected-ssr example in the Example demo which did exactly this and in the example, he forwarded the browser cookies. I haven't tested this (yet) but it seems like from this issue highlights that the Vercel deployment platform doesn't support this.

[balazsorban44]

I think #1535, #2307 is related.