feat: enhance session cookie handling with domain configuration and expiration settings

2025-08-07 12:45:14 +02:00 · 2025-08-07 12:45:14 +02:00 · 57428f437c
parent c2c9f2fb8e
commit 57428f437c
1 changed files with 22 additions and 3 deletions
--- a/server/api/auth/direct-login.post.ts
+++ b/server/api/auth/direct-login.post.ts
@ -234,16 +234,35 @@ export default defineEventHandler(async (event) => {

    // Create session with appropriate expiration
    const sessionManager = createSessionManager();
-    const sessionCookie = sessionManager.createSession(sessionData, !!rememberMe);
+    const cookieDomain = process.env.COOKIE_DOMAIN || undefined;
+    const maxAge = !!rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
    
-    // Set session cookie
-    setHeader(event, 'Set-Cookie', sessionCookie);
+    console.log(`🍪 Setting session cookie (Remember Me: ${!!rememberMe}) with domain:`, cookieDomain);
+    
+    // Create the session cookie string using the session manager
+    const sessionCookieString = sessionManager.createSession(sessionData, !!rememberMe);
+    
+    // Parse the cookie string to get just the value
+    const cookieValue = sessionCookieString.split('=')[1].split(';')[0];
+    
+    // Use Nuxt's setCookie helper with the encrypted value
+    setCookie(event, 'monacousa-session', cookieValue, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      domain: cookieDomain,
+      maxAge,
+      path: '/',
+    });
    
    // Clear failed attempts on successful login
    clearFailedAttempts(clientIP);
    
    console.log('✅ Login successful for user:', userInfo.email);

+    // Ensure we return a proper response with status
+    setResponseStatus(event, 200);
+    
    return {
      success: true,
      user: sessionData.user,