question about accessing sessions

[avnav0]

right now i create a session when the user signs in with google:

		const currentTime = new Date().getTime()
		const sessionDuration = 1000 * 60 * 60 * 8;
		const activeExpires = currentTime + sessionDuration;
		const idleDuration = 1000 * 60 * 60 * 24;
		const idleExpires = activeExpires + idleDuration;
		const session = await initLucia(env).createSession({
			userId: user.userId,
			attributes: {
				active_expires: activeExpires,
				idle_expires: idleExpires
			}
		});		

		const sessionCookie = initLucia(env).createSessionCookie(session);
		// redirect to profile page
		let headers = headers_to_use;
		headers.set('Set-Cookie', sessionCookie.serialize());
		headers.set('Location', AUTH_USER_URL);
		return new Response(null, {
			headers: headers,
			status: 302
		});

	}

when i check the browser's Application tab, i find the auth_session key with a corresponding id. which is awesome.

but it seems that it is httpOnly - so am not able to access via js on the client side where the user gets redirected to after sign in. which i understand is for security pruposes.

but then what is the best way to validate the session? i have cloudflare wranglers running the backend. so i would need to send them the session id somehow. when i try to do a fetch - i see that nothing gets passed to the endpoint.

my goal is to validate the session - as well as return a user name and email so i can display it...

[avnav0]

ok i think i just had a hard time with docs.

the answer is middleware - using web() instead of sveltekit

this is actually super awesome