Fix double login: set cookie on response object, invalidate sessions on dev restart
- Move cookie setting from cookies().set() to response.cookies.set() in login/logout routes (Next.js 15 ambient cookie merge is unreliable) - Generate random JWT_SECRET at module scope in auth.ts for dev mode so every server start invalidates all prior sessions - Replace blank page on auth failure with redirect to /login in dashboard layout - Preserve ?redirect= param from middleware in login form - Wrap login page in Suspense boundary for useSearchParams() Fixes: double-login bug, session persistence across restarts, blank page on session expiry
This commit is contained in:
+4
-1
@@ -2,8 +2,11 @@ import { SignJWT, jwtVerify } from "jose";
|
||||
import bcrypt from "bcryptjs";
|
||||
import { query } from "@/lib/db";
|
||||
import { cookies } from "next/headers";
|
||||
import crypto from "crypto";
|
||||
|
||||
const RAW_SECRET = process.env.JWT_SECRET;
|
||||
const RAW_SECRET = process.env.NODE_ENV === "production"
|
||||
? process.env.JWT_SECRET
|
||||
: crypto.randomUUID();
|
||||
if (!RAW_SECRET) {
|
||||
throw new Error("JWT_SECRET environment variable is required");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user