From 7e191d082fe7f86a3c8233e6afe6d11dcecbcc48 Mon Sep 17 00:00:00 2001 From: uellenberg Date: Sat, 24 May 2025 14:27:57 -0700 Subject: [PATCH] Fix sessions in development --- src/util/logout.ts | 5 +++-- src/util/session.ts | 18 ++++++++++++------ 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/util/logout.ts b/src/util/logout.ts index 6520bdc6..4826d694 100644 --- a/src/util/logout.ts +++ b/src/util/logout.ts @@ -3,17 +3,18 @@ import { cookies } from "next/headers"; import { redis } from "@/src/util/redis"; import { buildKey } from "@/src/util/redis"; +import { cookieName } from "@/src/util/session"; /** * Function to log out a user by deleting their session from Redis and clearing their session cookie. Redirection handled in handleLogout(). */ export async function logoutUser() { const cookieStore = await cookies(); - const sessionCookie = cookieStore.get("__Host-session-uwbh25"); + const sessionCookie = cookieStore.get(cookieName); if (sessionCookie?.value) { await redis.del(buildKey("session", sessionCookie.value)); - cookieStore.delete("__Host-session-uwbh25"); + cookieStore.delete(cookieName); console.log("User logged out successfully."); } diff --git a/src/util/session.ts b/src/util/session.ts index 297bf1f3..a586cd43 100644 --- a/src/util/session.ts +++ b/src/util/session.ts @@ -5,6 +5,11 @@ import { buildKey, redis } from "@/src/util/redis"; import { NextRequest, NextResponse } from "next/server"; import { User } from "./dataTypes"; +export const cookieName = + process.env.NODE_ENV === "development" + ? "session-uwbh25-dev" + : "__Host-session-uwbh25"; + /** * The time that a session should last for, in seconds. */ @@ -53,7 +58,7 @@ export interface Session { export async function getSession(): Promise { const cookieStore = await cookies(); - const cookie = cookieStore.get("__Host-session-uwbh25"); + const cookie = cookieStore.get(cookieName); if (!cookie?.value) { console.error("No session cookie found."); return {}; @@ -73,7 +78,7 @@ export async function getSession(): Promise { * Ensures that a request/response has a session */ export async function ensureSession(req: NextRequest, res: NextResponse) { - const cookie = req.cookies.get("__Host-session-uwbh25"); + const cookie = req.cookies.get(cookieName); // If we have a cookie, ensure that it points to a valid session. // Otherwise, create a new one. @@ -99,11 +104,12 @@ export async function ensureSession(req: NextRequest, res: NextResponse) { const expiresAt = new Date(Date.now() + sessionTimeSeconds * 1000); res.cookies.set({ - name: "__Host-session-uwbh25", + name: cookieName, value: newSessionId, expires: expiresAt, httpOnly: true, - secure: true, + // Development isn't a secure context. + secure: process.env.NODE_ENV !== "development", sameSite: "strict", }); @@ -111,7 +117,7 @@ export async function ensureSession(req: NextRequest, res: NextResponse) { // side code has the right session ID. // This doesn't write any cookies. req.cookies.set({ - name: "__Host-session-uwbh25", + name: cookieName, value: newSessionId, }); } @@ -125,7 +131,7 @@ export async function ensureSession(req: NextRequest, res: NextResponse) { export async function saveSession(data: Session): Promise { const cookieStore = await cookies(); - const cookie = cookieStore.get("__Host-session-uwbh25"); + const cookie = cookieStore.get(cookieName); if (!cookie?.value) { // This shouldn't happen, since every user should // have a session.