I used next-auth@beta in my Next project.
I also used the Credentials provider to authenticate against my database, which stores all the users in a MySQL table. Some basic information such as email and uid is added to the session. I could verify the result by calling const session = await auth(); where auth() is retrieved from export const { auth, signIn, signOut } = NextAuth({ ... }).
After successful login, a cookie authjs.session-token is created in the client's browser. The value looks like a JWT. After decoding the JWT, the payload is empty. The header contains alg, enc and kid.
So my first question is: if the JWT payload is empty, where and how does authjs store all the session data?
My second question is: why does the authjs.session-token cookie change on every request?
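A header carrying `enc` marks a compact token as a JWE (RFC 7516, five segments) rather than a signed JWT (three segments), and a decoder that reads the second segment as the payload is then reading the JWE encrypted-key segment, which is empty under direct encryption. The inspector below is an added example, not part of the original question and not Auth.js code; the sample tokens and their header values (`dir`, `A256CBC-HS512`, `constructed-kid`) are constructed assumptions.

```javascript
// Decode one base64url segment as JSON (throws on anything that is not JSON).
function b64urlJson(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Classify a compact JOSE token and report only what is readable without the key.
function inspectCompactToken(token) {
  const parts = String(token).split('.');
  try {
    const header = b64urlJson(parts[0]);
    if (parts.length === 3 && !('enc' in header)) {
      // JWS: header.payload.signature, the payload is readable by anyone.
      return { kind: 'JWS', header, claims: b64urlJson(parts[1]) };
    }
    if (parts.length === 5 && 'enc' in header) {
      // JWE: header.encryptedKey.iv.ciphertext.tag, the claims sit inside the
      // ciphertext and cannot be read without the decryption key.
      const size = (s) => Buffer.from(s, 'base64url').length;
      return {
        kind: 'JWE',
        header,
        encryptedKeyBytes: size(parts[1]), // 0 when alg is "dir"
        ivBytes: size(parts[2]),
        ciphertextBytes: size(parts[3]),
        tagBytes: size(parts[4]),
        claims: null,
      };
    }
    return { kind: 'invalid', reason: `unexpected shape: ${parts.length} segment(s)` };
  } catch {
    return { kind: 'invalid', reason: 'segment is not base64url-encoded JSON' };
  }
}

// Constructed samples: filler bytes stand in for a real IV, ciphertext and tag.
const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const fill = (n, b) => Buffer.alloc(n, b).toString('base64url');
const sampleJwe = [
  seg({ alg: 'dir', enc: 'A256CBC-HS512', kid: 'constructed-kid' }),
  '', // empty encrypted-key segment, what a JWT decoder shows as the "payload"
  fill(16, 1), fill(48, 2), fill(32, 3),
].join('.');
const sampleJws = [seg({ alg: 'HS256' }), seg({ email: 'user@example.com' }), fill(32, 4)].join('.');

console.log(inspectCompactToken(sampleJwe));
console.log(inspectCompactToken(sampleJws));
```
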