From f624e88d7812e059351438f25100e087388fc34a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Delaporte?=
 <12201973+fredericdelaporte@users.noreply.github.com>
Date: Mon, 14 Jul 2025 16:35:39 +0200
Subject: [PATCH 1/2] feat: allow disabling session auto-loading

See #309
---
 src/module.ts                             |  6 ++++++
 src/runtime/app/plugins/session.client.ts | 16 +++++++++-------
 src/runtime/app/plugins/session.server.ts |  2 +-
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/module.ts b/src/module.ts
index b215622e..340fb07e 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -50,6 +50,7 @@ declare module 'nuxt/schema' {
      * Session configuration
      */
     session: SessionConfig
+    disableAuthAutoLoad?: boolean
   }
 }
 
@@ -495,5 +496,10 @@ export default defineNuxtModule<ModuleOptions>({
       tokenURL: '',
       userURL: '',
     })
+
+    // Publicly expose disableAuthAutoLoad if needed
+    if (runtimeConfig.disableAuthAutoLoad && runtimeConfig.public.disableAuthAutoLoad === undefined) {
+      runtimeConfig.public.disableAuthAutoLoad = runtimeConfig.disableAuthAutoLoad
+    }
   },
 })
diff --git a/src/runtime/app/plugins/session.client.ts b/src/runtime/app/plugins/session.client.ts
index f37e5dad..f95f64f5 100644
--- a/src/runtime/app/plugins/session.client.ts
+++ b/src/runtime/app/plugins/session.client.ts
@@ -3,14 +3,16 @@ import {} from 'nuxt/app'
 import { defineNuxtPlugin, useUserSession, useError } from '#imports'
 
 export default defineNuxtPlugin(async (nuxtApp) => {
-  if (!nuxtApp.payload.serverRendered) {
-    await useUserSession().fetch()
-  }
-  else if (Boolean(nuxtApp.payload.prerenderedAt) || Boolean(nuxtApp.payload.isCached)) {
-    // To avoid hydration mismatch
-    nuxtApp.hook('app:mounted', async () => {
+  if (!nuxtApp.$config.public.disableAuthAutoLoad) {
+    if (!nuxtApp.payload.serverRendered) {
       await useUserSession().fetch()
-    })
+    }
+    else if (Boolean(nuxtApp.payload.prerenderedAt) || Boolean(nuxtApp.payload.isCached)) {
+      // To avoid hydration mismatch
+      nuxtApp.hook('app:mounted', async () => {
+        await useUserSession().fetch()
+      })
+    }
   }
 
   if (localStorage.getItem('temp-nuxt-auth-utils-popup')) {
diff --git a/src/runtime/app/plugins/session.server.ts b/src/runtime/app/plugins/session.server.ts
index 5d1795c3..b4ade89e 100644
--- a/src/runtime/app/plugins/session.server.ts
+++ b/src/runtime/app/plugins/session.server.ts
@@ -8,7 +8,7 @@ export default defineNuxtPlugin({
   async setup(nuxtApp) {
     // Flag if request is cached
     nuxtApp.payload.isCached = Boolean(useRequestEvent()?.context.cache)
-    if (nuxtApp.payload.serverRendered && !nuxtApp.payload.prerenderedAt && !nuxtApp.payload.isCached) {
+    if (nuxtApp.payload.serverRendered && !nuxtApp.payload.prerenderedAt && !nuxtApp.payload.isCached && !nuxtApp.$config.disableAuthAutoLoad) {
       await useUserSession().fetch()
     }
   },

From a08e3815935368e2e9cec63bb7a71eb5d130351e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Delaporte?=
 <12201973+fredericdelaporte@users.noreply.github.com>
Date: Fri, 15 Aug 2025 19:52:30 +0200
Subject: [PATCH 2/2] chore: move the option to the auth option object

---
 README.md                                 | 14 +++++++++++++-
 src/module.ts                             | 22 ++++++++++++++++------
 src/runtime/app/plugins/session.client.ts |  2 +-
 src/runtime/app/plugins/session.server.ts |  4 +++-
 4 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 1006f11f..6d2c982f 100644
--- a/README.md
+++ b/README.md
@@ -600,6 +600,18 @@ This is because the user session is stored in a secure cookie and cannot be acce
 
 **This means that you should not rely on the user session during prerendering.**
 
+You may also choose to instruct Nuxt AUth Utils to not fetch automatically the user session, with the `disableAutoLoad` option in your `nuxt.config.ts`:
+
+```ts
+export default defineNuxtConfig({
+  auth: {
+    disableAutoLoad: true
+  }
+})
+```
+
+When using the `disableAutoLoad` option, the user session should be manually fetched by calling `fetch` from the `useUserSession` composable.
+
 ### `<AuthState>` component
 
 You can use the `<AuthState>` component to safely display auth-related data in your components without worrying about the rendering mode.
@@ -617,7 +629,7 @@ One common use case if the Login button in the header:
 </template>
 ```
 
-If the page is cached or prerendered, nothing will be rendered until the user session is fetched on the client-side.
+If the page is cached or prerendered, or the auto-loading of the session disabled and the session not manually fetched on the server side, nothing will be rendered until the user session is fetched on the client-side.
 
 You can use the `placeholder` slot to show a placeholder on server-side and while the user session is being fetched on client-side for the prerendered pages:
 
diff --git a/src/module.ts b/src/module.ts
index 340fb07e..148945bb 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -39,6 +39,10 @@ export interface ModuleOptions {
      */
     scrypt?: ScryptConfig
   }
+  /**
+   * Disable automatically fething the session
+   */
+  disableAutoLoad?: boolean
 }
 
 declare module 'nuxt/schema' {
@@ -50,7 +54,11 @@ declare module 'nuxt/schema' {
      * Session configuration
      */
     session: SessionConfig
-    disableAuthAutoLoad?: boolean
+  }
+  interface PublicRuntimeConfig {
+    auth: {
+      disableAutoLoad?: boolean
+    }
   }
 }
 
@@ -163,6 +171,13 @@ export default defineNuxtModule<ModuleOptions>({
       }
     }
 
+    // Publicly expose disableAutoLoad if needed
+    if (options.disableAutoLoad && runtimeConfig.public.auth?.disableAutoLoad === undefined) {
+      runtimeConfig.public.auth = defu(runtimeConfig.public.auth, {
+        disableAutoLoad: options.disableAutoLoad,
+      })
+    }
+
     // WebAuthn settings
     runtimeConfig.webauthn = defu(runtimeConfig.webauthn, {
       register: {},
@@ -496,10 +511,5 @@ export default defineNuxtModule<ModuleOptions>({
       tokenURL: '',
       userURL: '',
     })
-
-    // Publicly expose disableAuthAutoLoad if needed
-    if (runtimeConfig.disableAuthAutoLoad && runtimeConfig.public.disableAuthAutoLoad === undefined) {
-      runtimeConfig.public.disableAuthAutoLoad = runtimeConfig.disableAuthAutoLoad
-    }
   },
 })
diff --git a/src/runtime/app/plugins/session.client.ts b/src/runtime/app/plugins/session.client.ts
index f95f64f5..091db046 100644
--- a/src/runtime/app/plugins/session.client.ts
+++ b/src/runtime/app/plugins/session.client.ts
@@ -3,7 +3,7 @@ import {} from 'nuxt/app'
 import { defineNuxtPlugin, useUserSession, useError } from '#imports'
 
 export default defineNuxtPlugin(async (nuxtApp) => {
-  if (!nuxtApp.$config.public.disableAuthAutoLoad) {
+  if (!nuxtApp.$config.public.auth.disableAutoLoad) {
     if (!nuxtApp.payload.serverRendered) {
       await useUserSession().fetch()
     }
diff --git a/src/runtime/app/plugins/session.server.ts b/src/runtime/app/plugins/session.server.ts
index b4ade89e..9e901dc2 100644
--- a/src/runtime/app/plugins/session.server.ts
+++ b/src/runtime/app/plugins/session.server.ts
@@ -8,7 +8,9 @@ export default defineNuxtPlugin({
   async setup(nuxtApp) {
     // Flag if request is cached
     nuxtApp.payload.isCached = Boolean(useRequestEvent()?.context.cache)
-    if (nuxtApp.payload.serverRendered && !nuxtApp.payload.prerenderedAt && !nuxtApp.payload.isCached && !nuxtApp.$config.disableAuthAutoLoad) {
+    if (nuxtApp.payload.serverRendered && !nuxtApp.payload.prerenderedAt && !nuxtApp.payload.isCached
+      && !nuxtApp.$config.public.auth.disableAutoLoad
+    ) {
       await useUserSession().fetch()
     }
   },