Fix double login: set cookie on response object, invalidate sessions on dev restart
- Move cookie setting from cookies().set() to response.cookies.set() in login/logout routes (Next.js 15 ambient cookie merge is unreliable) - Generate random JWT_SECRET at module scope in auth.ts for dev mode so every server start invalidates all prior sessions - Replace blank page on auth failure with redirect to /login in dashboard layout - Preserve ?redirect= param from middleware in login form - Wrap login page in Suspense boundary for useSearchParams() Fixes: double-login bug, session persistence across restarts, blank page on session expiry
This commit is contained in:
@@ -1,10 +1,4 @@
|
||||
import type { NextConfig } from "next"
|
||||
import crypto from "crypto"
|
||||
|
||||
// Generate a random JWT secret on every dev server start to invalidate all prior sessions
|
||||
if (process.env.NODE_ENV !== "production") {
|
||||
process.env.JWT_SECRET = crypto.randomUUID()
|
||||
}
|
||||
|
||||
const nextConfig: NextConfig = {
|
||||
eslint: {
|
||||
|
||||
Reference in New Issue
Block a user