1
00:00:00,000 --> 00:00:03,000
So where do we call createAuthSession?

2
00:00:04,000 --> 00:00:09,000
Well, after logging a user in and after creating a user,

3
00:00:11,000 --> 00:00:14,000
so after going through that signup process,

4
00:00:14,000 --> 00:00:19,000
and therefore, it's in that signup server action function,

5
00:00:19,000 --> 00:00:21,000
right before I redirect

6
00:00:21,000 --> 00:00:25,000
where I wanna create such a new session.

7
00:00:25,000 --> 00:00:28,000
So it's in here where we can call createAuthSession.

8
00:00:30,000 --> 00:00:33,000
And for that, of course, we must import that function

9
00:00:33,000 --> 00:00:38,000
from that auth file and createAuthSession then wants the ID

10
00:00:39,000 --> 00:00:42,000
of the user for whom the session should be created.

11
00:00:44,000 --> 00:00:48,000
Well, here we can get that ID from createUser

12
00:00:48,000 --> 00:00:51,000
because there in the end I return that ID.

13
00:00:53,000 --> 00:00:57,000
So in the end, I will get my user ID here

14
00:00:58,000 --> 00:01:02,000
and I then wanna create that AuthSession

15
00:01:02,000 --> 00:01:06,000
and also redirect if everything worked inside

16
00:01:06,000 --> 00:01:07,000
of that try block.

17
00:01:08,000 --> 00:01:12,000
So now we can pass that user ID to createAuthSession

18
00:01:12,000 --> 00:01:16,000
and that then yields a promise, which I'll await

19
00:01:16,000 --> 00:01:19,000
and then thereafter I'll redirect.

20
00:01:21,000 --> 00:01:25,000
So with that, I am now creating such a session

21
00:01:25,000 --> 00:01:27,000
whenever a new user is created.

22
00:01:27,000 --> 00:01:31,000
And to see that in action, I will delete

23
00:01:31,000 --> 00:01:34,000
that training.db database file

24
00:01:34,000 --> 00:01:37,000
so that the next time we restart the dev server,

25
00:01:37,000 --> 00:01:40,000
a new database will be created

26
00:01:40,000 --> 00:01:43,000
so that all existing users are cleared.

27
00:01:43,000 --> 00:01:45,000
And I then will stop my development server

28
00:01:45,000 --> 00:01:50,000
and restart it so that this new database is created.

29
00:01:50,000 --> 00:01:53,000
And if you then go back to your application

30
00:01:53,000 --> 00:01:55,000
and you create a new user

31
00:01:57,000 --> 00:02:01,000
with a valid email and password, we are redirected.

32
00:02:01,000 --> 00:02:04,000
But if you now open your developer tools

33
00:02:04,000 --> 00:02:07,000
and there you go to the application tab

34
00:02:08,000 --> 00:02:10,000
and then to cookies,

35
00:02:10,000 --> 00:02:14,000
and you select your address, localhost:3000,

36
00:02:14,000 --> 00:02:18,000
you should find a cookie there, which is that cookie

37
00:02:18,000 --> 00:02:20,000
that was created by Lucia.

38
00:02:21,000 --> 00:02:24,000
And that value which is stored in that cookie is,

39
00:02:24,000 --> 00:02:26,000
in the end, that session ID.

40
00:02:27,000 --> 00:02:31,000
So that's now this auth cookie which we sent back with help

41
00:02:31,000 --> 00:02:34,000
of that cookies function, which was configured

42
00:02:34,000 --> 00:02:35,000
with help of Lucia.

43
00:02:35,000 --> 00:02:39,000
And the browser will automatically attach that cookie

44
00:02:39,000 --> 00:02:42,000
to any outgoing requests.

45
00:02:42,000 --> 00:02:45,000
So if I go to the network tab here, for example,

46
00:02:45,000 --> 00:02:48,000
and I reload this training page, you will see

47
00:02:48,000 --> 00:02:50,000
that on this first initial request

48
00:02:50,000 --> 00:02:53,000
to that page under headers,

49
00:02:53,000 --> 00:02:55,000
if you go to the request headers,

50
00:02:55,000 --> 00:02:59,000
you will see that this cookie is added.

51
00:03:00,000 --> 00:03:03,000
So this auth cookie was automatically added

52
00:03:04,000 --> 00:03:08,000
and therefore, if we wanna protect this page here

53
00:03:08,000 --> 00:03:13,000
and we wanna make it only accessible to logged in users,

54
00:03:13,000 --> 00:03:18,000
we need to check for the existence of that auth cookie

55
00:03:18,000 --> 00:03:20,000
and verify its validity.

56
00:03:20,000 --> 00:03:23,000
That's how we can protect this page.

57
00:03:23,000 --> 00:03:26,000
And that's therefore what I'll do next

58
00:03:26,000 --> 00:03:27,000
before I then thereafter

59
00:03:27,000 --> 00:03:30,000
will also add a log out functionality

60
00:03:30,000 --> 00:03:34,000
and a log in functionality, which is still missing.

61
00:03:34,000 --> 00:03:35,000
At the moment,

62
00:03:35,000 --> 00:03:38,000
we only get a new cookie if we create a new user,

63
00:03:38,000 --> 00:03:41,000
but we'll take care about logging users in soon.

