From 1845db2da3ca19c2c0450f8ce8c5d6226cc1fd48 Mon Sep 17 00:00:00 2001
From: ekzyis
Date: Thu, 21 Dec 2023 13:35:35 +0100
Subject: [PATCH] Use __Secure cookie prefix

See https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/
---
 middleware.js | 2 +-
 pages/api/auth/[...nextauth].js | 2 +-
 pages/api/signout.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/middleware.js b/middleware.js
index faca43f7..4e76ffdc 100644
--- a/middleware.js
+++ b/middleware.js
@@ -20,7 +20,7 @@ const multiAuthMiddleware = (request) => {
 const cookiePointerName = 'multi_auth.user-id'
 const hasCookiePointer = request.cookies?.has(cookiePointerName)
 // is there a session?
- const sessionCookieName = 'next-auth.session-token'
+ const sessionCookieName = '__Secure-next-auth.session-token'
 const hasSession = request.cookies?.has(sessionCookieName)
 if (!hasCookiePointer || !hasSession) {
diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
index ecdb96a2..b65021a7 100644
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -251,7 +251,7 @@ export const getAuthOptions = (req, res) => ({
 },
 cookies: {
 sessionToken: {
- name: 'next-auth.session-token',
+ name: '__Secure-next-auth.session-token',
 options: {
 httpOnly: true,
 sameSite: 'lax',
diff --git a/pages/api/signout.js b/pages/api/signout.js
index 7eca661c..55d40b16 100644
--- a/pages/api/signout.js
+++ b/pages/api/signout.js
@@ -11,7 +11,7 @@ export default (req, res) => {
 const cookiePointerName = 'multi_auth.user-id'
 const userId = req.cookies[cookiePointerName]
 // is there a session?
- const sessionCookieName = 'next-auth.session-token'
+ const sessionCookieName = '__Secure-next-auth.session-token'
 const sessionJWT = req.cookies[sessionCookieName]
 if (!userId || !sessionJWT) {
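Review bot: The session cookie name is repeated as a string literal in `sessionCookieName` here, in `sessionToken.name` in `pages/api/auth/[...nextauth].js`, and in `sessionCookieName` in `pages/api/signout.js`, so the three can drift apart. A mismatch would make `hasSession` false for every request, and this commit already had to touch all three files to stay consistent. A single exported constant imported by all three (name of your choosing, e.g. `SESSION_COOKIE_NAME`) would remove that risk. The body of `multiAuthMiddleware` continues outside the hunk.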
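Review bot: The `__Secure-` prefix on `sessionToken.name` is now unconditional, but browsers that implement cookie prefixes only accept such a cookie when it carries the `Secure` attribute and is set from an HTTPS origin. The `options` object is cut off by the hunk after `sameSite: 'lax'`, so whether `secure` is always true is not visible here. If it is environment-dependent or omitted, the browser would silently drop the session cookie on plain-HTTP setups such as local development, and sign-in would appear to succeed without persisting. Consider deriving the name from the same condition that sets `secure`, e.g. `name: useSecure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'` (with `useSecure` standing for that condition), and reusing the resulting value in `middleware.js` and `pages/api/signout.js`.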
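Review bot: After this change `req.cookies['next-auth.session-token']` is never read, so a browser that still holds a token under the old name ends up in the `!userId || !sessionJWT` branch. What that branch does is outside the hunk, but if it returns before any cookie is cleared, the old un-prefixed token stays in the browser until it expires and is never removed by signing out. For a transition period it may be worth also expiring the legacy name in this handler, or adding a comment such as `// legacy 'next-auth.session-token' cookies are intentionally ignored; users must sign in again` if the forced re-login is deliberate.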