## Migration guide for @frontegg/nextjs@9.1.1 The latest versions of `@frontegg/nextjs` now support Next.js 15, introducing additional enhancements and updates. In this release, the `getSessionOnEdge` function has been deprecated in favor of the new `handleSessionOnEdge` function. This new handler offers better flexibility and control for managing sessions on the edge. Alternatively, if you have complex session checks that don't require automatic redirection to the login page, you can use the `checkSessionOnEdge` function. This method will verify the session without redirecting, allowing you to handle invalid sessions manually. To migrate, replace instances of `getSessionOnEdge` with `handleSessionOnEdge` as shown in the example below: ### `handleSessionOnEdge` in `middleware.ts` ```typescript import { NextRequest } from 'next/server'; import { handleSessionOnEdge } from '@frontegg/nextjs/edge'; export const middleware = async (request: NextRequest) => { const { pathname, searchParams } = request.nextUrl; const headers = request.headers; // shouldByPassMiddleware from getSessionOnEdge was moved under the hood of handleSessionOnEdge // Additional logic if needed return handleSessionOnEdge({ request, pathname, searchParams, headers }); }; export const config = { matcher: '/(.*)', }; ``` ```typescript import { NextResponse } from 'next/server'; import type { NextRequest } from 'next/server'; import { getSessionOnEdge, shouldByPassMiddleware, redirectToLogin } from '@frontegg/nextjs/edge'; export const middleware = async (request: NextRequest) => { const pathname = request.nextUrl.pathname; if (shouldByPassMiddleware(pathname)) { return NextResponse.next(); } const session = await getSessionOnEdge(request); if (!session) { return redirectToLogin(pathname); } return NextResponse.next(); }; export const config = { matcher: '/(.*)', }; ``` ```typescript import { NextRequest } from 'next/server'; import { checkSessionOnEdge } from '@frontegg/nextjs/edge'; export const middleware = async (request: NextRequest) => { const { pathname, searchParams } = request.nextUrl; const headers = request.headers; // Additional logic if needed // check if it's a hosted login callback if (isHostedLoginCallback(pathname, searchParams)) { return handleHostedLoginCallback(request, pathname, searchParams); } // check if we should bypass the middleware if (shouldByPassMiddleware(pathname)) { return NextResponse.next(); } const session = await checkSessionOnEdge(request); if (!session) { // Handle the invalid session (e.g., custom redirect logic) return redirectToLogin(pathname, searchParams); } return NextResponse.next({ headers: session.headers, }); }; ``` ### `hostedLoginBox` replaced by `FRONTEGG_HOSTED_LOGIN` `hostedLoginBox:true` that was passed under `withFronteggApp` in **pages** directory. Is now required to be passed from the env.file ### `shouldByPassMiddleware` moved under `handleSessionOnEdge` The functionality is designed for the following: - To protect all application routes. - Static files and image requests. Currently it is implemented by default and the below are whitelisted. **The default whitelists:** - _next/static (static files) - _next/image (image optimization files) - favicon.icon (favicon file) - api/frontegg (API frontegg middleware) - account/[login|logout|saml/callback|...] (Frontegg authentication routes) The default whitelist can be overriden by passing the options parameter. **NOTE**: this will slow down your application due to session checks. ### Forwarding client IP for security rules and rate limits If you need to enforce security rules or rate limits based on the client's IP address, see [Forwarding Client IP guide](/ciam/sdks/frontend/next/forward-client-ip).