AgentSkillsCN

Next.js Authentication

采用 HttpOnly Cookie 进行安全的令牌存储,并遵循中间件模式。

SKILL.md
--- frontmatter
name: Next.js Authentication
description: Secure token storage (HttpOnly Cookies) and Middleware patterns.
metadata:
  labels: [nextjs, auth, security, cookies]
  triggers:
    files: ['middleware.ts', '**/auth.ts', '**/login/page.tsx']
    keywords: [cookie, jwt, session, localstorage, auth]

Authentication & Token Management

Priority: P0 (CRITICAL)

Use HttpOnly Cookies for token storage. Never use LocalStorage.

Key Rules

  1. Storage: Use cookies().set() with httpOnly: true, secure: true, sameSite: 'lax'. (Reference: Setting Tokens)
  2. Access: Read tokens in Server Components via cookies().get(). (Reference: Reading Tokens)
  3. Protection: Guard routes in middleware.ts before rendering. (Reference: Middleware Protection)

Anti-Pattern: LocalStorage

  • Security Risk: Vulnerable to XSS.
  • Performance Hit: Incompatible with Server Components (RSC). Forces client hydration and causes layout shift.

Related Topics

common/security-standards | server-components | app-router