Pocketbase instance for multiple users #4924
Replies: 1 comment 1 reply
-
You are overthinking it. Creating a new SDK instance is not much different than calling
If you use a global object you are introducing a security vulnerability (this is not unique to PocketBase) because requests from different users will write over the same object (in your case You need a new local instance per request because you need to store somewhere the unique request auth data. As a side-note, I'll paste a reply from another discussion:
|
Beta Was this translation helpful? Give feedback.
-
What is the recommended way of handling multiple users using pocketbase authentication?
I'm using sveltekit and most of the tutorials I've watched had put the pocketbase instance in sveltekit event.locals (i.e. event.locals.pb). This means that every request on the server, a new pocketbase instance will get instantiated which I think is expensive.
Is this the best practice, or should I put pocketbase instance in a singleton class instead and not pass to event.locals?
For context, I'm creating an app that can support multiple databases, and one of them is pocketbase.
Beta Was this translation helpful? Give feedback.
All reactions