layout before middleware | Next.js | Page 1

wet kindle Jul 21, 2025, 7:28 AM

In the next.js app router, I have middleware and there I checked session for /app path.
And in /app layout, I make assertion of session is always not null (otherwise throws an error)

But it seems like /app layout is called with out session check (without passing middleware)

Is it possible that /app layout invoked before middleware?

mental sparrowBOT Jul 21, 2025, 7:28 AM

Hi @wet kindle. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

Based on the official Next.js documentation, Middleware is executed before rendering, including before layouts and pages. The documented execution order is:

headers from next.config.js
redirects from next.config.js
Middleware (rewrites, redirects, etc.)
beforeFiles (rewrites) from next.config.js
Filesystem routes (public/, _next/static/, pages/, app/, etc.)
afterFiles (rewrites) from next.config.js
Dynamic Routes (/blog/[slug])
fallback (rewrites) from next.config.js

This means Middleware should always run before your /app layout or any page/component is rendered, as long as the route matches your Middleware's matcher configuration. If your /app layout is being invoked without the session check from Middleware, possible reasons include:

The Middleware matcher is not correctly targeting the /app route.
There is a misconfiguration or bug causing Middleware not to run (see known issues below).

Important caveat:
Due to Partial Rendering and client-side navigation, layouts do not re-render on every route change. This means that if a user navigates client-side, the layout may not re-run, and thus, session checks in the layout may not be reliable for every navigation. Middleware, however, is only invoked on server-side navigations or full page reloads, not on all client-side transitions. This can lead to situations where the layout is rendered without a fresh Middleware check, especially during client-side navigation. The documentation explicitly warns against relying on layouts for auth checks for this reason, and recommends performing checks closer to your data source or in Middleware for initial access control Layouts and auth checks.

Known issues:
There are open and closed issues where Middleware does not always execute as expected, especially during client-side navigation or due to caching behavior in certain Next.js versions. For example, Middleware may not run on every client-side navigation, and sometimes only on the first visit or after a hard refresh Middleware sometimes doesn't executes Middleware not being triggered.

Summary:

Middleware should run before layouts, but due to client-side navigation and caching, this is not always guaranteed for every navigation.
Always ensure your Middleware matcher is correct.
For robust session checks, do not rely solely on layouts; use Middleware and/or checks close to your data source.

If you are seeing your /app layout invoked without Middleware running, it is likely due to client-side navigation or a known issue with Middleware execution in your Next.js version.

#layout before middleware

If you are seeing your /app layout invoked without Middleware running, it is likely due to client-side navigation or a known issue with Middleware execution in your Next.js version.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: