From 74304e2f75abc1630d0a49f8e6645e4087313ffe Mon Sep 17 00:00:00 2001
From: ekzyis <ek@stacker.news>
Date: Thu, 21 Dec 2023 10:08:23 +0100
Subject: [PATCH] Fix inconsistent session cookie name

---
 middleware.js                   |  2 +-
 pages/api/auth/[...nextauth].js | 11 +++++++++++
 pages/api/signout.js            |  2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/middleware.js b/middleware.js
index 223c878f..dd9f47d1 100644
--- a/middleware.js
+++ b/middleware.js
@@ -20,7 +20,7 @@ const multiAuthMiddleware = (request) => {
   const cookiePointerName = 'multi_auth.user-id'
   const hasCookiePointer = request.cookies?.has(cookiePointerName)
   // is there a session?
-  const sessionCookieName = '__Secure-next-auth.session-token'
+  const sessionCookieName = 'next-auth.session-token'
   const hasSession = request.cookies?.has(sessionCookieName)
 
   if (!hasCookiePointer || !hasSession) {
diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
index 2e1ec1ad..ecdb96a2 100644
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -248,6 +248,17 @@ export const getAuthOptions = (req, res) => ({
     signIn: '/login',
     verifyRequest: '/email',
     error: '/auth/error'
+  },
+  cookies: {
+    sessionToken: {
+      name: 'next-auth.session-token',
+      options: {
+        httpOnly: true,
+        sameSite: 'lax',
+        path: '/',
+        secure: true
+      }
+    }
   }
 })
 
diff --git a/pages/api/signout.js b/pages/api/signout.js
index 55d40b16..7eca661c 100644
--- a/pages/api/signout.js
+++ b/pages/api/signout.js
@@ -11,7 +11,7 @@ export default (req, res) => {
   const cookiePointerName = 'multi_auth.user-id'
   const userId = req.cookies[cookiePointerName]
   // is there a session?
-  const sessionCookieName = '__Secure-next-auth.session-token'
+  const sessionCookieName = 'next-auth.session-token'
   const sessionJWT = req.cookies[sessionCookieName]
 
   if (!userId || !sessionJWT) {