Use __Secure cookie prefix

See https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/
ekzyis 2023-12-21 13:35:35 +01:00
parent 3e6748f94b
commit 1845db2da3
3 changed files with 3 additions and 3 deletions


@ -20,7 +20,7 @@ const multiAuthMiddleware = (request) => {
const cookiePointerName = 'multi_auth.user-id'
const hasCookiePointer = request.cookies?.has(cookiePointerName)
// is there a session?
const sessionCookieName = 'next-auth.session-token'
const sessionCookieName = '__Secure-next-auth.session-token'
const hasSession = request.cookies?.has(sessionCookieName)
if (!hasCookiePointer || !hasSession) {
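Review bot: The session cookie name on the `sessionCookieName` line is a string literal that now has to match two other places exactly: the `cookies.sessionToken.name` entry in `getAuthOptions` and the same constant in the API handler hunk at `-11,7`. If one of them drifts, `hasSession` is simply false and the `if (!hasCookiePointer || !hasSession)` branch is taken with no error. Exporting the name once, e.g. `export const SESSION_COOKIE_NAME = '__Secure-next-auth.session-token'`, and importing it in all three files would remove that risk. Sessions issued under the old `next-auth.session-token` name are also no longer looked up here, so already signed-in users will presumably be treated as having no session after deploy; a comment or release note saying so would help. The body of `multiAuthMiddleware` continues outside the hunk.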


@ -251,7 +251,7 @@ export const getAuthOptions = (req, res) => ({
},
cookies: {
sessionToken: {
name: 'next-auth.session-token',
name: '__Secure-next-auth.session-token',
options: {
httpOnly: true,
sameSite: 'lax',
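Review bot: The `__Secure-` name at `sessionToken.name` is only accepted by browsers when the cookie is also set with the `Secure` attribute from an HTTPS origin, and the `secure` option is not visible in this hunk (the `options` object continues past `sameSite`). If `secure` is environment-dependent there, the name should follow the same condition, for example `name: useSecure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'`, where `useSecure` is a placeholder for whatever expression sets `secure`. Otherwise the browser silently drops the session cookie on plain-HTTP setups and sign-in appears to do nothing. The middleware and the API handler would then need the same conditional name. A short comment above `name` stating that the prefix requires `secure: true` would also keep the two from being changed independently later.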


@ -11,7 +11,7 @@ export default (req, res) => {
const cookiePointerName = 'multi_auth.user-id'
const userId = req.cookies[cookiePointerName]
// is there a session?
const sessionCookieName = 'next-auth.session-token'
const sessionCookieName = '__Secure-next-auth.session-token'
const sessionJWT = req.cookies[sessionCookieName]
if (!userId || !sessionJWT) {