George

Future

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

SvelteKit's server-side state management can potentially lead to information leakage if not handled carefully. The server, being shared and long-lived, might expose state data between different user sessions. It's crucial to understand the risks and apply best practices, such as using Svelte's Context API with unique keys, to maintain secure state management.

SvelteKit - Potential Information Leakage from the State

<p>By definition, you should never create an store at the Server Side. It is true that with Svelte 4, you can not import Writable stores in the +page.server.ts files ( is prevents that ), but what you do in the article could be done with Nuxt too. So this is a misconception by definition. Besides that, sensible data can be hidden with env variables and in any case, backend shouldn’t accept request if sessions are closed.</p>
