mirror of
https://github.com/supabase/supabase.git
synced 2026-07-06 15:44:23 +08:00
8 lines
530 B
Plaintext
8 lines
530 B
Plaintext
<Admonition type="danger">
|
|
|
|
Note that `auth.getSession` reads the auth token and the unencoded session data from the local storage medium. It _doesn't_ send a request back to the Supabase Auth server unless the local session is expired.
|
|
|
|
You should **never** trust the unencoded session data if you're writing server code, since it could be tampered with by the sender. If you need verified, trustworthy user data, call `auth.getUser` instead, which always makes a request to the Auth server to fetch trusted data.
|
|
|
|
</Admonition>
|