Heads up on a sharp edge: protecting routes via Zustand alone leaves a flash-of-protected-content because the store hydrates client-side after the route renders. The cleaner pattern in TanStack Start is to do the auth check in the route's beforeLoad (which runs on the server during SSR) and throw redirect({ to: '/sign-in' }) from there. Zustand is still useful for client-derived auth state like role flags, but the gate itself should be in the loader.
I'm a full stack web developer. My stack is Tanstack Start, Directus, Tailwindcss v4 and Shadcn. I like hosting my apps using a VPS managed by Coolify.
Heads up on a sharp edge: protecting routes via Zustand alone leaves a flash-of-protected-content because the store hydrates client-side after the route renders. The cleaner pattern in TanStack Start is to do the auth check in the route's beforeLoad (which runs on the server during SSR) and throw redirect({ to: '/sign-in' }) from there. Zustand is still useful for client-derived auth state like role flags, but the gate itself should be in the loader.
Thanks for the heads up