How do you handle authentication in Remix?

Authentication in Remix uses the loader/action system with sessions. Login flow: action verifies credentials: const user = await verifyCredentials(email, password); if (!user) return json({ error: "Invalid credentials" }); const session = await sessionStorage.getSession(); session.set("userId", user.id); return redirect("/dashboard", { headers: { "Set-Cookie": await sessionStorage.commitSession(session) } }). Protected routes: loader checks session: const session = await sessionStorage.getSession(request.headers.get("Cookie")); const userId = session.get("userId"); if (!userId) return redirect("/login"); const user = await db.getUser(userId); return json({ user });. Auth helper: extract to a shared function: async function requireAuth(request) { ... }. remix-auth: popular library that provides strategy-based auth (OAuth, local, JWT). Clerk, Auth0, Supabase: third-party auth with Remix-specific SDKs. The session-based approach is straightforward and works with progressive enhancement — no JWT complexity needed for most apps.