feat: allow disabling session auto-loading

README.md

@@ -600,6 +600,18 @@ This is because the user session is stored in a secure cookie and cannot be acce
 
 **This means that you should not rely on the user session during prerendering.**
 
+You may also choose to instruct Nuxt AUth Utils to not fetch automatically the user session, with the `disableAutoLoad` option in your `nuxt.config.ts`:
+
+```ts
+export default defineNuxtConfig({
+  auth: {
+    disableAutoLoad: true
+  }
+})
+```
+
+When using the `disableAutoLoad` option, the user session should be manually fetched by calling `fetch` from the `useUserSession` composable.
+
 ### `<AuthState>` component
 
 You can use the `<AuthState>` component to safely display auth-related data in your components without worrying about the rendering mode.
@@ -617,7 +629,7 @@ One common use case if the Login button in the header:
 </template>
 ```
 
-If the page is cached or prerendered, nothing will be rendered until the user session is fetched on the client-side.
+If the page is cached or prerendered, or the auto-loading of the session disabled and the session not manually fetched on the server side, nothing will be rendered until the user session is fetched on the client-side.
 
 You can use the `placeholder` slot to show a placeholder on server-side and while the user session is being fetched on client-side for the prerendered pages:
 

src/module.ts

@@ -39,6 +39,10 @@ export interface ModuleOptions {
      */
     scrypt?: ScryptConfig
   }
+  /**
+   * Disable automatically fething the session
+   */
+  disableAutoLoad?: boolean
 }
 
 declare module 'nuxt/schema' {
@@ -51,6 +55,11 @@ declare module 'nuxt/schema' {
      */
     session: SessionConfig
   }
+  interface PublicRuntimeConfig {
+    auth: {
+      disableAutoLoad?: boolean
+    }
+  }
 }
 
 export default defineNuxtModule<ModuleOptions>({
@@ -162,6 +171,13 @@ export default defineNuxtModule<ModuleOptions>({
       }
     }
 
+    // Publicly expose disableAutoLoad if needed
+    if (options.disableAutoLoad && runtimeConfig.public.auth?.disableAutoLoad === undefined) {
+      runtimeConfig.public.auth = defu(runtimeConfig.public.auth, {
+        disableAutoLoad: options.disableAutoLoad,
+      })
+    }
+
     // WebAuthn settings
     runtimeConfig.webauthn = defu(runtimeConfig.webauthn, {
       register: {},

src/runtime/app/plugins/session.client.ts

@@ -3,14 +3,16 @@ import {} from 'nuxt/app'
 import { defineNuxtPlugin, useUserSession, useError } from '#imports'
 
 export default defineNuxtPlugin(async (nuxtApp) => {
-  if (!nuxtApp.payload.serverRendered) {
-    await useUserSession().fetch()
-  }
-  else if (Boolean(nuxtApp.payload.prerenderedAt) || Boolean(nuxtApp.payload.isCached)) {
-    // To avoid hydration mismatch
-    nuxtApp.hook('app:mounted', async () => {
+  if (!nuxtApp.$config.public.auth.disableAutoLoad) {
+    if (!nuxtApp.payload.serverRendered) {
       await useUserSession().fetch()
-    })
+    }
+    else if (Boolean(nuxtApp.payload.prerenderedAt) || Boolean(nuxtApp.payload.isCached)) {
+      // To avoid hydration mismatch
+      nuxtApp.hook('app:mounted', async () => {
+        await useUserSession().fetch()
+      })
+    }
   }
 
   if (localStorage.getItem('temp-nuxt-auth-utils-popup')) {

src/runtime/app/plugins/session.server.ts

@@ -8,7 +8,9 @@ export default defineNuxtPlugin({
   async setup(nuxtApp) {
     // Flag if request is cached
     nuxtApp.payload.isCached = Boolean(useRequestEvent()?.context.cache)
-    if (nuxtApp.payload.serverRendered && !nuxtApp.payload.prerenderedAt && !nuxtApp.payload.isCached) {
+    if (nuxtApp.payload.serverRendered && !nuxtApp.payload.prerenderedAt && !nuxtApp.payload.isCached
+      && !nuxtApp.$config.public.auth.disableAutoLoad
+    ) {
       await useUserSession().fetch()
     }
   },