-
-
Notifications
You must be signed in to change notification settings - Fork 432
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request]: Anonymous/Guest Sessions #1475
Comments
My big question here is that does the session for authenticated users and unauthenticated/guest/anonymous users need to be the same? Take GitHub for example. It maintains 2 types of sessions: |
Personal preference would definitely be a single Having multiple Plus, more cookies = slower requests. With a single |
One possible implementation - if Lucia's lucia/packages/lucia/src/core.ts Lines 123 to 126 in 12d4da4
Before SvelteKit & Lucia - my experience was with Django. Over there, the session middleware can be installed without auth middleware, and auth gets plugged in afterwards. All sessions are anonymous by default. This is actually a really nice architecture, as the session middleware is primarily concerned with data storage/access. Then, the session middleware provides methods that the auth middleware hooks into.
I don't think this is far from Lucia's current implementation... Lucia's adapters are kind of like Django's session middleware, and Lucia's core package is kind of like Django's auth middleware. To set session attributes for anonymous users, we could reimplement Lucia V2's The type Session = infer typeof user !== undefined ? DatabaseSessionAttributes : Partial<DatabaseSessionAttributes> |
That would be a nice addition to Lucia. |
I think an easier answer would be to just remove users from Lucia #1516 |
That would probably be the best way to do it. |
Package
lucia
Description
Many authentication frameworks offer "Guest" or "Anonymous" sessions to track user actions. For examples:
Use cases include multi-page sign-up flows, shopping carts for users without accounts, and temporary permissions for guest users (such as access to a conference call or whiteboard collaboration session).
Currently, Lucia sessions are tightly coupled to users. It might already be possible to represent anonymous sessions by creating "guest users", but I believe the most ergonomic developer experience would be having the Lucia library allow creating a session without an associated user.
Considerations:
The text was updated successfully, but these errors were encountered: