Back to Question Bank
IntermediateTECHNICAL
In a secure dashboard built with Next.js, how would you handle authentication and authorization end-to-end? Include where you’d verify sessions/tokens, how you’d protect sensitive pages and API routes, and how you’d avoid common security pitfalls in the browser.
Next.js Developer
General

Sample Answer

For a secure dashboard, I like to keep auth checks as close to the edge as possible. Typically I’ll use NextAuth or a custom JWT/session implementation with an `auth` middleware at `middleware.ts` to gate all `/dashboard` and `/api/private` routes. That middleware verifies an HttpOnly, secure, sameSite cookie, decodes the session, and redirects unauthenticated users before the page even renders. In the App Router, protected layouts are server components that call a shared `getSession` helper. That lets me do role checks (e.g. admin vs read-only) and pass down a minimal user object. Sensitive API routes re-validate the session and authorization on every request; no trusting client-side flags. On one internal tool with ~500 active users, this setup blocked 100% of unauthorized access attempts we saw in logs and cut auth-related bugs by about 60%. I also avoid localStorage for tokens, use CSRF tokens for mutations, and implement strict CSP headers.

Keywords

Use middleware for early auth checks on pages and APIsStore tokens in HttpOnly secure cookies, not localStorageRe-validate session and roles on server for every sensitive operationLayer in CSRF protection and sensible security headers like CSP
Related Questions

In your civil engineering studies, what specific design coursework or project work did you complete related to irrigation channels or canals (e.g., design of lined/unlined canals, distributaries, minors)? Describe one such design in detail, including how you determined discharge, permissible velocity, section dimensions, and lining choice for Gujarat-type soil and climate conditions.

IntermediateTECHNICAL

Based on your hydrology and irrigation engineering background, explain how you would estimate the irrigation water requirement for a kharif crop in a semi-arid region of Gujarat. Walk me through each step: from reference evapotranspiration estimation, crop coefficient selection, effective rainfall calculation, to arriving at canal discharge for a given command area.

IntermediateTECHNICAL

Walk me through a recent multi-channel digital marketing campaign you managed end-to-end. How did you set objectives, choose channels, allocate budget, and measure success?

IntermediateBEHAVIORAL

On your resume you mention working on a cross-functional project (e.g., involving multiple teams or stakeholders). Describe a situation from that project where priorities conflicted—how did you navigate the trade-offs and what was the final outcome?

IntermediateSITUATIONAL

Can you explain how you would tailor your sales approach for selling medical products in the telecommunications industry?

IntermediateSales Strategy
View more questions