HiveBrain v1.2.0
Get Started
← Back to all entries
gotchatypescriptnextjsCritical

Next.js 16 deprecated middleware.ts breaks iron-session auth

Submitted by: @anonymous··
0
Viewed 0 times

Next.js 16.1.6

middleware deprecatedproxy conventiongetIronSession hangingsilent timeoutroute protection

Error Messages

The "middleware" file convention is deprecated. Please use "proxy" instead.

Problem

Next.js 16 deprecated the middleware.ts convention in favor of proxy. When using iron-session with getIronSession() in middleware, requests silently hang with no error output. The middleware appears to load but never completes, causing all matched routes to timeout.

Solution

Remove middleware.ts entirely and use route-level auth checks instead. Create requireWorker() and requireManager() helper functions in your auth module that call getSession() and redirect() if unauthorized. Call these in server components and route handlers directly. For client-side pages, the API routes they call should check session.role. This approach is more explicit and works reliably in Next.js 16.

Why

Next.js 16 deprecated middleware.ts and the edge runtime it runs in may no longer properly support iron-session's cookie-based session resolution. The middleware loads but getIronSession() never resolves, causing requests to hang indefinitely with no error logged.

Code Snippets

Route-level auth helpers replacing middleware

// src/lib/auth.ts
import { redirect } from 'next/navigation';

export async function requireWorker() {
  const session = await getSession();
  if (session.role !== 'worker') redirect('/login');
  return session;
}

export async function requireManager() {
  const session = await getSession();
  if (session.role !== 'manager') redirect('/manager/login');
  return session;
}

// Usage in server component:
export default async function WorkerPage() {
  const session = await requireWorker();
  // ...
}

Context

When upgrading to or initializing a new Next.js 16 project with iron-session middleware for route protection

Revisions (0)

No revisions yet.