hi, what’s the best way to protect from viewing pages to an user not logged in.
i’m using supabase as db. my first approach is to verify if there is a session (with the .get_session() apI) and then rendering the page with rx.cond. but i think it’s not the best way
Theres a minimal example in the reflex-examples repo (reflex-examples/twitter/twitter/twitter.py at ecdc69d32f27572c3475c93add8da6b959906a25 · reflex-dev/reflex-examples · GitHub) that gives the same idea. You can have an event handler that handles the logic of whether a user is logged in, which should be called when the page loads
I guess what he hopes for is that:
without auth, the component will not render (even at the code level).
On the other hand, on_load first shows the component and then executes the code of on_load, which can result in the component being known to the user before passing through auth.
It’s like preventing some spiders without auth.
Is that so?
Chinese:
我猜想他希望的是:如果没有通过auth,component就不会渲染(即便是在code层面也无法看到)。而on_load则是先show component,然后再执行on_load的code,这会导致component在通过auth之前被用户得知。就像是防止一些没有auth的爬虫。是这样吗?