We're supposed to already provide a hook for this, right? And why are we not just passing a session to the AppProvider like you did in the example?

I'm going to modify this example to use useSession and an actual authentication service in a follow up. I've updated the wording in this PR to reflect that the SessionContext is being defined to serve as a mock authentication provider. Also, missed writing the step around passing the session to the AppProvider, great catch.

Maybe we can add this step at the end only, as it makes more sense to create the sign in page first.

Also technically we should be able to protect any pages, not just the pages with the dashboard layout, I guess...
But because useSession probably needs the AppProvider to wrap it this would probably add another level to the React Router configuration, which starts to get kind of cumbersome...
So I think this should be fine for now. Eventually we might even have a better, automatic way to configure protected pages/routes.

Agree, I've reflected that the user is free to protect any other page or layout using a similar process

Are the 2 different examples a bit redundant now? Maybe we should have just one, to match what we do with Next.js

Agreed, we could potentially remove the original example as a follow up to this

Depending on what feedback we get from users eventually we can replace this example with actual external auth providers like Auth0 and Firebase. But as a generic first step this is probably fine for now.

Agreed, for the follow up to modify this example to use Auth0/Firebase/Supabase and the useSession hook