Files
supabase/apps/docs/components/MDX/get_session_warning.mdx

8 lines
530 B
Plaintext

<Admonition type="danger">
Note that `auth.getSession` reads the auth token and the unencoded session data from the local storage medium. It _doesn't_ send a request back to the Supabase Auth server unless the local session is expired.
You should **never** trust the unencoded session data if you're writing server code, since it could be tampered with by the sender. If you need verified, trustworthy user data, call `auth.getUser` instead, which always makes a request to the Auth server to fetch trusted data.
</Admonition>