Use __Secure cookie prefix

See https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/
stackernews · Dec 21, 2023 · 1eb6665 · 1eb6665
1 parent 049bd75
commit 1eb6665
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/middleware.js b/middleware.js
@@ -20,7 +20,7 @@ const multiAuthMiddleware = (request) => {
   const cookiePointerName = 'multi_auth.user-id'
   const hasCookiePointer = request.cookies?.has(cookiePointerName)
   // is there a session?
-  const sessionCookieName = 'next-auth.session-token'
+  const sessionCookieName = '__Secure-next-auth.session-token'
   const hasSession = request.cookies?.has(sessionCookieName)
 
   if (!hasCookiePointer || !hasSession) {

diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
@@ -251,7 +251,7 @@ export const getAuthOptions = (req, res) => ({
   },
   cookies: {
     sessionToken: {
-      name: 'next-auth.session-token',
+      name: '__Secure-next-auth.session-token',
       options: {
         httpOnly: true,
         sameSite: 'lax',

diff --git a/pages/api/signout.js b/pages/api/signout.js
@@ -11,7 +11,7 @@ export default (req, res) => {
   const cookiePointerName = 'multi_auth.user-id'
   const userId = req.cookies[cookiePointerName]
   // is there a session?
-  const sessionCookieName = 'next-auth.session-token'
+  const sessionCookieName = '__Secure-next-auth.session-token'
   const sessionJWT = req.cookies[sessionCookieName]
 
   if (!userId || !sessionJWT) {