1
00:00:00,000 --> 00:00:04,000
So, now that we initialized Lucia, we can

2
00:00:04,000 --> 00:00:07,000
add a new function to this auth.js file, a

3
00:00:07,000 --> 00:00:10,000
function which I'll export and which

4
00:00:10,000 --> 00:00:11,000
should be async.

5
00:00:11,000 --> 00:00:13,000
And I'll name this function

6
00:00:13,000 --> 00:00:15,000
createAuthSession.

7
00:00:16,000 --> 00:00:19,000
And this function should do what the

8
00:00:19,000 --> 00:00:20,000
name suggests.

9
00:00:20,000 --> 00:00:23,000
For a given user, it should create and

10
00:00:23,000 --> 00:00:26,000
store a new session in that sessions

11
00:00:26,000 --> 00:00:29,000
database table and it should then set

12
00:00:29,000 --> 00:00:32,000
such a cookie that's attached to the

13
00:00:32,000 --> 00:00:33,000
outgoing request.

14
00:00:35,000 --> 00:00:38,000
Now therefore here, I expect to get the

15
00:00:38,000 --> 00:00:40,000
ID of the user to whom the session

16
00:00:40,000 --> 00:00:42,000
belongs as an input.

17
00:00:42,000 --> 00:00:45,000
We could also use the email, but I prefer

18
00:00:45,000 --> 00:00:47,000
to use the user ID.

19
00:00:48,000 --> 00:00:51,000
And we can then use this Lucia object to

20
00:00:51,000 --> 00:00:52,000
create a new session.

21
00:00:53,000 --> 00:00:55,000
And under the hood, this will create a

22
00:00:55,000 --> 00:00:57,000
new entry in that sessions database

23
00:00:57,000 --> 00:01:00,000
table and it will create a new unique

24
00:01:00,000 --> 00:01:03,000
session ID that belongs to that session.

25
00:01:05,000 --> 00:01:08,000
Now createSession then needs that user

26
00:01:08,000 --> 00:01:08,000
ID.

27
00:01:09,000 --> 00:01:11,000
So I'll pass that as a first argument to

28
00:01:11,000 --> 00:01:13,000
createSession.

29
00:01:13,000 --> 00:01:17,000
And it also takes a configuration object

30
00:01:17,000 --> 00:01:20,000
or some extra attributes we can store in

31
00:01:20,000 --> 00:01:22,000
that session, some extra data we can

32
00:01:22,000 --> 00:01:24,000
attach to that session here.

33
00:01:24,000 --> 00:01:27,000
But I don't want any extra data, so I'll set

34
00:01:27,000 --> 00:01:28,000
this to an empty object.

35
00:01:30,000 --> 00:01:33,000
Now this will actually give us a promise,

36
00:01:33,000 --> 00:01:35,000
so I'll await this operation.

37
00:01:36,000 --> 00:01:37,000
And as a result, we get back a new

38
00:01:37,000 --> 00:01:38,000
session object.

39
00:01:40,000 --> 00:01:42,000
Now we can also get a session cookie

40
00:01:42,000 --> 00:01:46,000
that's in the end created by Lucia, or to

41
00:01:46,000 --> 00:01:50,000
be precise, we can get the data that

42
00:01:50,000 --> 00:01:52,000
should be set on a session cookie by

43
00:01:52,000 --> 00:01:54,000
Lucia by calling

44
00:01:54,000 --> 00:01:57,000
Lucia.createSessionCookie.

45
00:01:58,000 --> 00:02:02,000
And this function now wants the session

46
00:02:02,000 --> 00:02:04,000
ID as an input.

47
00:02:05,000 --> 00:02:07,000
We get that from our session, so from

48
00:02:07,000 --> 00:02:10,000
this session object here, and then there

49
00:02:10,000 --> 00:02:12,000
we have an ID property.

50
00:02:14,000 --> 00:02:16,000
So this will then give us an object that

51
00:02:16,000 --> 00:02:19,000
holds all the data that should be set on

52
00:02:19,000 --> 00:02:20,000
that session cookie.

53
00:02:20,000 --> 00:02:23,000
To now set that cookie on the outgoing

54
00:02:23,000 --> 00:02:27,000
response in a Next.js app, we can use a

55
00:02:27,000 --> 00:02:30,000
special cookies function which is

56
00:02:30,000 --> 00:02:33,000
actually provided by Next.js and which

57
00:02:33,000 --> 00:02:35,000
should be imported from

58
00:02:35,000 --> 00:02:36,000
next/headers.

59
00:02:39,000 --> 00:02:41,000
That is a function that you can call

60
00:02:41,000 --> 00:02:44,000
anywhere in your Next.js code to access

61
00:02:44,000 --> 00:02:46,000
the cookie that belongs to the outgoing

62
00:02:46,000 --> 00:02:47,000
response.

63
00:02:47,000 --> 00:02:50,000
So to set new cookies on that response,

64
00:02:50,000 --> 00:02:51,000
for example.

65
00:02:52,000 --> 00:02:54,000
So here I'm calling cookies in

66
00:02:54,000 --> 00:02:57,000
createAuthSession, though it's worth

67
00:02:57,000 --> 00:03:01,000
mentioning that if you're using Next.js

68
00:03:01,000 --> 00:03:06,000
version 15 or higher, you actually have to

69
00:03:06,000 --> 00:03:08,000
await this call.

70
00:03:09,000 --> 00:03:12,000
If you're using Next.js version 14 or lower,

71
00:03:13,000 --> 00:03:15,000
and I initially recorded this section with

72
00:03:15,000 --> 00:03:19,000
Next.js 14, you actually don't need await.

73
00:03:20,000 --> 00:03:22,000
That's why you won't see await in this

74
00:03:22,000 --> 00:03:25,000
video because I recorded it with Next.js

75
00:03:25,000 --> 00:03:25,000
14.

76
00:03:26,000 --> 00:03:29,000
But if you're using Next.js 15 or higher,

77
00:03:29,000 --> 00:03:30,000
you will need to add await here.

78
00:03:31,000 --> 00:03:35,000
And then on the result of awaiting this

79
00:03:35,000 --> 00:03:40,000
call to cookies, you can call get, set, and

80
00:03:40,000 --> 00:03:44,000
so on to interact with the cookies of the

81
00:03:44,000 --> 00:03:47,000
request that is about to be sent back to

82
00:03:47,000 --> 00:03:47,000
the client.

83
00:03:48,000 --> 00:03:52,000
If you're using Next.js 14, you would

84
00:03:52,000 --> 00:03:55,000
directly call get or set on cookies like

85
00:03:55,000 --> 00:03:55,000
this.

86
00:03:56,000 --> 00:03:59,000
And actually, when using Next.js 15, you

87
00:03:59,000 --> 00:04:01,000
can also use this approach because

88
00:04:01,000 --> 00:04:04,000
when using Next.js 15, cookies actually

89
00:04:04,000 --> 00:04:07,000
supports both awaiting it or not

90
00:04:07,000 --> 00:04:07,000
awaiting it.

91
00:04:07,000 --> 00:04:10,000
But in the future, in future major Next.js

92
00:04:10,000 --> 00:04:13,000
versions, you'll always have to call await.

93
00:04:15,000 --> 00:04:18,000
So whenever you see me use cookies

94
00:04:18,000 --> 00:04:20,000
throughout this course, you should

95
00:04:20,000 --> 00:04:23,000
await it and then call set or get or

96
00:04:23,000 --> 00:04:25,000
whatever I'm doing on the result of

97
00:04:25,000 --> 00:04:26,000
awaiting this.

98
00:04:26,000 --> 00:04:29,000
And here I'll call set and set then actually

99
00:04:29,000 --> 00:04:32,000
takes multiple arguments, multiple

100
00:04:32,000 --> 00:04:35,000
values that will be set on a cookie.

101
00:04:36,000 --> 00:04:38,000
And the great thing about Lucia is that

102
00:04:38,000 --> 00:04:40,000
we can now use that session cookie

103
00:04:40,000 --> 00:04:44,000
object we got here and use the name

104
00:04:44,000 --> 00:04:48,000
and then also session cookie value and

105
00:04:48,000 --> 00:04:51,000
session cookie attributes.

106
00:04:53,000 --> 00:04:55,000
And that data is already in a format

107
00:04:55,000 --> 00:04:58,000
that's accepted by this set function to

108
00:04:58,000 --> 00:05:00,000
set a new cookie with a given value.

109
00:05:00,000 --> 00:05:04,000
name with specific values, the session ID

110
00:05:04,000 --> 00:05:07,000
in the end and some attributes that

111
00:05:07,000 --> 00:05:08,000
configure the cookie.

112
00:05:08,000 --> 00:05:11,000
For example, that secure setting which

113
00:05:11,000 --> 00:05:13,000
we set up here and some other things as

114
00:05:13,000 --> 00:05:13,000
well.

115
00:05:14,000 --> 00:05:17,000
So that's how we add that cookie that is

116
00:05:17,000 --> 00:05:21,000
in the end created or for which the data

117
00:05:21,000 --> 00:05:24,000
is in the end created by Lucia to the

118
00:05:24,000 --> 00:05:27,000
outgoing response just by calling this

119
00:05:27,000 --> 00:05:29,000
cookies function and using the set

120
00:05:29,000 --> 00:05:31,000
method on the returned object and this

121
00:05:31,000 --> 00:05:33,000
cookies function as mentioned is

122
00:05:33,000 --> 00:05:34,000
provided by Next.js.

123
00:05:36,000 --> 00:05:39,000
So that's how we create such a session,

124
00:05:39,000 --> 00:05:41,000
Lucia will automatically store it in a

125
00:05:41,000 --> 00:05:44,000
database and how we then add that

126
00:05:44,000 --> 00:05:47,000
session information or that session ID

127
00:05:47,000 --> 00:05:50,000
with help of a cookie to the outgoing

128
00:05:50,000 --> 00:05:53,000
response and the browser of the user

129
00:05:53,000 --> 00:05:56,000
who did try to log in will automatically

130
00:05:56,000 --> 00:05:58,000
store that cookie.

131
00:05:59,000 --> 00:06:00,000
And therefore we now as a next step

132
00:06:00,000 --> 00:06:04,000
need to call createAuthSession in our

133
00:06:04,000 --> 00:06:07,000
code whenever we want to initialize a

134
00:06:07,000 --> 00:06:08,000
new authentication session.

