feat: enhance session cookie handling with domain configuration and expiration settings

2025-08-07 12:45:14 +02:00 · 2025-08-07 12:45:14 +02:00 · 57428f437c
parent c2c9f2fb8e
commit 57428f437c
1 changed files with 22 additions and 3 deletions
--- a/server/api/auth/direct-login.post.ts
+++ b/server/api/auth/direct-login.post.ts
@ -234,16 +234,35 @@ export default defineEventHandler(async (event) => {
    // Create session with appropriate expiration
    const sessionManager = createSessionManager();
-    const sessionCookie = sessionManager.createSession(sessionData, !!rememberMe);
+    const cookieDomain = process.env.COOKIE_DOMAIN || undefined;
    const maxAge = !!rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
-    // Set session cookie
+    console.log(`🍪 Setting session cookie (Remember Me: ${!!rememberMe}) with domain:`, cookieDomain);
-    setHeader(event, 'Set-Cookie', sessionCookie);
+    
    // Create the session cookie string using the session manager
    const sessionCookieString = sessionManager.createSession(sessionData, !!rememberMe);
    // Parse the cookie string to get just the value
    const cookieValue = sessionCookieString.split('=')[1].split(';')[0];
    // Use Nuxt's setCookie helper with the encrypted value
    setCookie(event, 'monacousa-session', cookieValue, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      domain: cookieDomain,
      maxAge,
      path: '/',
    });
    // Clear failed attempts on successful login
    clearFailedAttempts(clientIP);
    console.log('✅ Login successful for user:', userInfo.email);
    // Ensure we return a proper response with status
    setResponseStatus(event, 200);
    return {
      success: true,
      user: sessionData.user,