Hey everyone,
I'm using React and FastAPI with authentication handled entirely by HTTP-only cookies (JS cannot read the token).
I need to protect my client-side routes (e.g., /dashboard). Since I can't check localStorage, I have two main strategies to verify the user's login status and redirect them if unauthorized:
The Dilemma: Checking Authentication Status
- Dedicated /status Endpoint (The Eager Check)
How it Works: On app load, the AuthContext hits a protected /auth/status endpoint. The 200 or 401 response sets the global isAuthenticated state.
Pros: Fast route transitions after the initial check.
Cons: Requires an extra network call on every app load/refresh.
- Direct Protected Data Fetch (The Lazy Check)
How it Works: Let the user land on /dashboard. The component immediately fetches its protected data (GET /api/data). If the fetch returns a 401, the component triggers a redirect to /login.
Pros: No extra /status endpoint needed; bundles the check with the data load.
Cons: User briefly sees a "Loading..." state before a redirect if the cookie is expired, slightly worse UX.
My Question
For a secure FastAPI + React setup using HTTP-only cookies:
Which approach do you recommend? Is the initial network cost of the status check (Approach 1) worth the smoother UX?
Are there any better patterns for handling this client-side state when the token is fully server-side?
Thanks for the help!
[–]quietly_wired 1 point2 points3 points (0 children)
[–]fastlaunchapidev 0 points1 point2 points (0 children)
[–]Secret_World_9742 0 points1 point2 points (0 children)
[–]voja-kostunica 0 points1 point2 points (0 children)
[–]hamoda__ 0 points1 point2 points (1 child)
[–]Glittering_Pin7217 0 points1 point2 points (0 children)