Fix inconsistent session cookie name

stackernews · Dec 21, 2023 · bfc4955 · bfc4955
1 parent c163864
commit bfc4955
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/middleware.js b/middleware.js
@@ -20,7 +20,7 @@ const multiAuthMiddleware = (request) => {
   const cookiePointerName = 'multi_auth.user-id'
   const hasCookiePointer = request.cookies?.has(cookiePointerName)
   // is there a session?
-  const sessionCookieName = '__Secure-next-auth.session-token'
+  const sessionCookieName = 'next-auth.session-token'
   const hasSession = request.cookies?.has(sessionCookieName)
 
   if (!hasCookiePointer || !hasSession) {

diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
@@ -248,6 +248,17 @@ export const getAuthOptions = (req, res) => ({
     signIn: '/login',
     verifyRequest: '/email',
     error: '/auth/error'
+  },
+  cookies: {
+    sessionToken: {
+      name: 'next-auth.session-token',
+      options: {
+        httpOnly: true,
+        sameSite: 'lax',
+        path: '/',
+        secure: true
+      }
+    }
   }
 })
 

diff --git a/pages/api/signout.js b/pages/api/signout.js
@@ -11,7 +11,7 @@ export default (req, res) => {
   const cookiePointerName = 'multi_auth.user-id'
   const userId = req.cookies[cookiePointerName]
   // is there a session?
-  const sessionCookieName = '__Secure-next-auth.session-token'
+  const sessionCookieName = 'next-auth.session-token'
   const sessionJWT = req.cookies[sessionCookieName]
 
   if (!userId || !sessionJWT) {