Fix double login: set cookie on response object, invalidate sessions on dev restart

- Move cookie setting from cookies().set() to response.cookies.set() in
  login/logout routes (Next.js 15 ambient cookie merge is unreliable)
- Generate random JWT_SECRET at module scope in auth.ts for dev mode so
  every server start invalidates all prior sessions
- Replace blank page on auth failure with redirect to /login in dashboard layout
- Preserve ?redirect= param from middleware in login form
- Wrap login page in Suspense boundary for useSearchParams()

Fixes: double-login bug, session persistence across restarts, blank page on
session expiry
This commit is contained in:
2026-06-26 21:29:36 +02:00
parent fa97abb5b6
commit aac9817ee7
2 changed files with 4 additions and 7 deletions
-6
View File
@@ -1,10 +1,4 @@
import type { NextConfig } from "next"
import crypto from "crypto"
// Generate a random JWT secret on every dev server start to invalidate all prior sessions
if (process.env.NODE_ENV !== "production") {
process.env.JWT_SECRET = crypto.randomUUID()
}
const nextConfig: NextConfig = {
eslint: {