Auth0’s useUser() attempts to fetch a logged in user from /api/auth/me, which calls handleAuth(), which initiates Auth0 (creates sessionCache instance, etc.) and calls profileHandler(req, res).
In the profileHandler, we see a call to sessionCache.isAuthenticated(req, res), which in turn checks the sessionCache instance for a previous session entry (key: req object, value: Encrypted object containing user info, access_token, id_token, etc.).
Since each API call, i.e. each call of handleAuth(), whether from /api/auth/me, /api/auth/login, or otherwise, is a separate serverless function call, will profileHandler (/api/auth/me) really ever find an entry in the sessionCache?
I know we add an entry there at login (in callbackHandler), but I do not understand how that cache value persists between two separate Serverless Function calls.
nextjs-auth0 states in the docs:
By default, the session is stateless and stored in an encrypted
cookie. But if you want a stateful session you can provide a store
withget,setanddestroymethods to store the session on the
server.
So, we know it is stateless.