fix: resolve login redirect failures by removing cookie domain and implementing session data encryption

2025-08-07 13:01:39 +02:00
parent 2c545dcaaa
commit cbaedeb0a8
3 changed files with 13 additions and 17 deletions


@@ -236,17 +236,14 @@ export default defineEventHandler(async (event) => {
const sessionManager = createSessionManager();
const maxAge = !!rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
// Don't set a domain for the cookie - let it default to the current domain
// Create the encrypted session data
const sessionData_json = JSON.stringify(sessionData);
const encrypted = sessionManager.encrypt(sessionData_json);
console.log(`🍪 Setting session cookie (Remember Me: ${!!rememberMe}) without explicit domain`);
// Create the session cookie string using the session manager
const sessionCookieString = sessionManager.createSession(sessionData, !!rememberMe);
// Parse the cookie string to get just the value
const cookieValue = sessionCookieString.split('=')[1].split(';')[0];
// Use Nuxt's setCookie helper with the encrypted value
setCookie(event, 'monacousa-session', cookieValue, {
// Use Nuxt's setCookie helper directly with the encrypted value
setCookie(event, 'monacousa-session', encrypted, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',