Merge pull request #205 from UWB-ACM/fix-dev-session

UWB-ACM-OFFICIAL · web-flow · commit fcd38100a8fe · 2025-05-24T14:29:15.000-07:00
Fix sessions in development
diff --git a/src/util/logout.ts b/src/util/logout.ts
@@ -3,17 +3,18 @@
 import { cookies } from "next/headers";
 import { redis } from "@/src/util/redis";
 import { buildKey } from "@/src/util/redis";
+import { cookieName } from "@/src/util/session";
 
 /**
  * Function to log out a user by deleting their session from Redis and clearing their session cookie. Redirection handled in handleLogout().
  */
 export async function logoutUser() {
     const cookieStore = await cookies();
-    const sessionCookie = cookieStore.get("__Host-session-uwbh25");
+    const sessionCookie = cookieStore.get(cookieName);
 
     if (sessionCookie?.value) {
         await redis.del(buildKey("session", sessionCookie.value));
-        cookieStore.delete("__Host-session-uwbh25");
+        cookieStore.delete(cookieName);
 
         console.log("User logged out successfully.");
     }
diff --git a/src/util/session.ts b/src/util/session.ts
@@ -5,6 +5,11 @@ import { buildKey, redis } from "@/src/util/redis";
 import { NextRequest, NextResponse } from "next/server";
 import { User } from "./dataTypes";
 
+export const cookieName =
+    process.env.NODE_ENV === "development"
+        ? "session-uwbh25-dev"
+        : "__Host-session-uwbh25";
+
 /**
  * The time that a session should last for, in seconds.
  */
@@ -53,7 +58,7 @@ export interface Session {
 export async function getSession(): Promise<Session> {
     const cookieStore = await cookies();
 
-    const cookie = cookieStore.get("__Host-session-uwbh25");
+    const cookie = cookieStore.get(cookieName);
     if (!cookie?.value) {
         console.error("No session cookie found.");
         return {};
@@ -73,7 +78,7 @@ export async function getSession(): Promise<Session> {
  * Ensures that a request/response has a session
  */
 export async function ensureSession(req: NextRequest, res: NextResponse) {
-    const cookie = req.cookies.get("__Host-session-uwbh25");
+    const cookie = req.cookies.get(cookieName);
 
     // If we have a cookie, ensure that it points to a valid session.
     // Otherwise, create a new one.
@@ -99,19 +104,20 @@ export async function ensureSession(req: NextRequest, res: NextResponse) {
     const expiresAt = new Date(Date.now() + sessionTimeSeconds * 1000);
 
     res.cookies.set({
-        name: "__Host-session-uwbh25",
+        name: cookieName,
         value: newSessionId,
         expires: expiresAt,
         httpOnly: true,
-        secure: true,
+        // Development isn't a secure context.
+        secure: process.env.NODE_ENV !== "development",
         sameSite: "strict",
     });
 
     // Also set the request header so that any server
     // side code has the right session ID.
     // This doesn't write any cookies.
     req.cookies.set({
-        name: "__Host-session-uwbh25",
+        name: cookieName,
         value: newSessionId,
     });
 }
@@ -125,7 +131,7 @@ export async function ensureSession(req: NextRequest, res: NextResponse) {
 export async function saveSession(data: Session): Promise<void> {
     const cookieStore = await cookies();
 
-    const cookie = cookieStore.get("__Host-session-uwbh25");
+    const cookie = cookieStore.get(cookieName);
     if (!cookie?.value) {
         // This shouldn't happen, since every user should
         // have a session.
