Fix double login: set cookie on response object, invalidate sessions on dev restart
- Move cookie setting from cookies().set() to response.cookies.set() in login/logout routes (Next.js 15 ambient cookie merge is unreliable) - Generate random JWT_SECRET at module scope in auth.ts for dev mode so every server start invalidates all prior sessions - Replace blank page on auth failure with redirect to /login in dashboard layout - Preserve ?redirect= param from middleware in login form - Wrap login page in Suspense boundary for useSearchParams() Fixes: double-login bug, session persistence across restarts, blank page on session expiry
This commit is contained in:
@@ -1,10 +1,4 @@
|
|||||||
import type { NextConfig } from "next"
|
import type { NextConfig } from "next"
|
||||||
import crypto from "crypto"
|
|
||||||
|
|
||||||
// Generate a random JWT secret on every dev server start to invalidate all prior sessions
|
|
||||||
if (process.env.NODE_ENV !== "production") {
|
|
||||||
process.env.JWT_SECRET = crypto.randomUUID()
|
|
||||||
}
|
|
||||||
|
|
||||||
const nextConfig: NextConfig = {
|
const nextConfig: NextConfig = {
|
||||||
eslint: {
|
eslint: {
|
||||||
|
|||||||
+4
-1
@@ -2,8 +2,11 @@ import { SignJWT, jwtVerify } from "jose";
|
|||||||
import bcrypt from "bcryptjs";
|
import bcrypt from "bcryptjs";
|
||||||
import { query } from "@/lib/db";
|
import { query } from "@/lib/db";
|
||||||
import { cookies } from "next/headers";
|
import { cookies } from "next/headers";
|
||||||
|
import crypto from "crypto";
|
||||||
|
|
||||||
const RAW_SECRET = process.env.JWT_SECRET;
|
const RAW_SECRET = process.env.NODE_ENV === "production"
|
||||||
|
? process.env.JWT_SECRET
|
||||||
|
: crypto.randomUUID();
|
||||||
if (!RAW_SECRET) {
|
if (!RAW_SECRET) {
|
||||||
throw new Error("JWT_SECRET environment variable is required");
|
throw new Error("JWT_SECRET environment variable is required");
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user