perf(core): precompute cookie store for request handling

[halvaradop]

Description

This pull request optimizes cookie store creation by precomputing cookie store instances for middleware usage and request handling. Previously, the cookie store was instantiated per request, introducing unnecessary overhead and creating a performance bottleneck under high load.

With this change, cookie stores are initialized ahead of time and reused based on the connection context (HTTP or HTTPS), separating secure and non-secure configurations. This reduces per-request resource consumption, improves throughput, and enhances overall runtime efficiency without altering existing cookie behavior.

[coderabbitai]

📝 Walkthrough

Walkthrough

Refactored cookie store initialization in the core index file by introducing two pre-initialized cookie store instances (secure and standard) to replace dynamic per-request creation. Expanded RouterConfig.context with new fields including trustedProxyHeaders, trustedOrigins, and logger, while extracting cookie configuration early in the setup process.

Changes

Cohort / File(s)

Summary

Cookie Store Initialization & Config Expansion packages/core/src/index.ts

Replaced inline and per-request cookie store creation with pre-initialized secureCookieStore and standardCookieStore instances. Extended RouterConfig.context with trustedProxyHeaders, trustedOrigins, and logger fields. Added early extraction of cookie configuration (cookiePrefix, cookieOverrides) to feed the new stores. Uses conditional logic to assign appropriate cookie store based on security context.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Cookie stores now prepped with care,
No more creation floating everywhere,
Secure and standard, ready to go,
Config expanded in elegant flow,
This little rabbit hops with delight! 🍪✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'perf(core): precompute cookie store for request handling' directly and clearly describes the main change: precomputing cookie stores for performance optimization in core request handling.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch perf/precompute-cookie-store

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/core/src/index.ts (1)

36-46: Consider documenting the shared-store assumption.

The optimization relies on cookie stores being stateless/immutable. Adding a brief comment clarifies this contract for future maintainers and prevents accidental introduction of per-request state into createCookieStore.

📝 Suggested documentation

     const cookiePrefix = authConfig?.cookies?.prefix
     const cookieOverrides = authConfig?.cookies?.overrides ?? {}
+    // Cookie stores are stateless and safe to share across requests.
+    // Only the secure flag differs between instances.
     const secureCookieStore = createCookieStore(true, cookiePrefix, cookieOverrides, logger)
     const standardCookieStore = createCookieStore(false, cookiePrefix, cookieOverrides, logger)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/core/src/index.ts` around lines 36 - 46, Add a short comment above
the createCookieStore usage describing the shared-store assumption: state that
secureCookieStore and standardCookieStore are intended to be singleton,
stateless/immutable stores shared across requests and must not hold per-request
or mutable state; reference createCookieStore, secureCookieStore and
standardCookieStore so future maintainers know this contract and ensure any
changes to createCookieStore preserve that invariant.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/core/src/index.ts`:
- Around line 36-46: Add a short comment above the createCookieStore usage
describing the shared-store assumption: state that secureCookieStore and
standardCookieStore are intended to be singleton, stateless/immutable stores
shared across requests and must not hold per-request or mutable state; reference
createCookieStore, secureCookieStore and standardCookieStore so future
maintainers know this contract and ensure any changes to createCookieStore
preserve that invariant.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8e25aef and 05cc17d.

📒 Files selected for processing (1)

• packages/core/src/index.ts

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
auth	Ready	Preview, Comment	Mar 3, 2026 7:07pm
auth-nextjs-demo	Ready	Preview, Comment	Mar 3, 2026 7:07pm