Add `tryGetSession` (or `getSessionOrNull`) that doesn't create a new entry in a database to `SessionStorage` interface #14424

tats-u · 2025-10-06T05:01:30Z

tats-u
Oct 6, 2025

getSession always runs createSession when readData cannot find a corresponding entry.
Another method that does not run createSession in such a case is required when you develop a member-only application and expose its login page to the public.
If createSession is called too many times (e.g. by DoS attack), the performance of a database can be degraded, especially when you use only RDBMS and do not combine it with KVS NoSQL (e.g. Redis/Valkey).

  getSession: (
    cookieHeader?: string | null,
    options?: ParseOptions
  ) => Promise<Session<Data, FlashData>>;

vs

  tryGetSession: (
    cookieHeader?: string | null,
    options?: ParseOptions
  ) => Promise<Session<Data, FlashData> | null>;

react-router/packages/react-router/lib/server-runtime/sessions.ts

Lines 266 to 270 in 255ac96

    
           async getSession(cookieHeader, options) { 
        
             let id = cookieHeader && (await cookie.parse(cookieHeader, options)); 
        
             let data = id && (await readData(id)); 
        
             return createSession(data || {}, id || ""); 
        
           },

The current getSession will perform a wasteful operation even if an user has no merit to receive a session data.

vs

 async tryGetSession(cookieHeader, options) { 
   let id = cookieHeader && (await cookie.parse(cookieHeader, options)); 
   let data = id && (await readData(id)); 
   return data ? createSession(data, id) : null;
 },

As you might notice, it returns just null without creating new one when no entry.

const session = await tryGetSession(
  request.headers.get("Cookie"),
);
if (session == null) {
  return redirect("/login");
}

// Login page
const session = await tryGetSession(
  request.headers.get("Cookie"),
);
if (session != null) {
  return redirect("/");
}

This will not be a breaking change unless you use third party session libraries. However, an author of a third party session library have to modify their library to implement this method. Unfortunately JavaScript/TypeScript cannot provide default method implementations in an interface unlike Java or C#.

tats-u · 2025-10-23T03:25:34Z

tats-u
Oct 23, 2025
Author

Implementation:

dev...tats-u:react-router:session-get

0 replies

tats-u · 2025-10-23T03:26:56Z

tats-u
Oct 23, 2025
Author

Creating a session when the user has no intention of logging in is a waste of resources.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add `tryGetSession` (or `getSessionOrNull`) that doesn't create a new entry in a database to `SessionStorage` interface #14424

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Add tryGetSession (or getSessionOrNull) that doesn't create a new entry in a database to SessionStorage interface #14424

Uh oh!

Uh oh!

tats-u Oct 6, 2025

Replies: 2 comments

Uh oh!

tats-u Oct 23, 2025 Author

Uh oh!

tats-u Oct 23, 2025 Author

Add `tryGetSession` (or `getSessionOrNull`) that doesn't create a new entry in a database to `SessionStorage` interface #14424

tats-u
Oct 6, 2025

tats-u
Oct 23, 2025
Author

tats-u
Oct 23, 2025
Author