// ── Auth: Logout ───────────────────────────────────────────────────────────── // POST /api/auth/logout // Clears the session cookie by setting Max-Age=0, effectively logging the // user out. Stateless — no server-side session invalidation needed. import { SESSION_COOKIE } from "@/lib/auth" // ── POST ───────────────────────────────────────────────────────────────────── export async function POST() { try { // Overwrite cookie with an immediate expiry (Max-Age=0) return new Response(JSON.stringify({ success: true }), { status: 200, headers: { "Content-Type": "application/json", "Set-Cookie": `${SESSION_COOKIE}=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0${process.env.NODE_ENV === "production" ? "; Secure" : ""}`, }, }) } catch (error) { console.error("Logout error:", error) return new Response( JSON.stringify({ error: "Logout failed." }), { status: 500, headers: { "Content-Type": "application/json" } } ) } }