getSessionCookie() returns null in some cases

It's confusing for some of us that getSessionCookie() is not behaving like we expect, for the following reasons:
  • the function is not respecting the auth options specified in auth.ts
    advanced: {
      cookies: {
        session_token: {
          name: "custom_session_token",
        },
      },
      cookiePrefix: custom_cookie_prefix,
      useSecureCookies: true
    }

    Because if you import the config option, it will not be compatible with the edge runtime. Therefore, you should specify the config as the second argument if the cookie name or prefix is customized.
      const sessionCookie = getSessionCookie(request, {
        cookiePrefix: custom_cookie_prefix,
        cookieName: custom_cookie_name
      });
  • In dev mode, if you are running your server on https://, cookies will be secured by default if you don't specify the useSecureCookies option.
    const secure =
      options.advanced?.useSecureCookies !== undefined
          ? options.advanced?.useSecureCookies
          : options.baseURL !== undefined
              ? options.baseURL.startsWith("https://")
                  ? true
                  : false
              : isProduction;

    and the function is only prefixing the cookie with __Secure- in production, ignoring the code above
    const name = isProduction
          ? `__Secure-${cookiePrefix}.${cookieName}`
          : `${cookiePrefix}.${cookieName}`;
IMHO: It could be clearer to explain this in the docs, and the function should also check for request.nextUrl.origin.startsWith("https://") to add the secure prefix.
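
The mismatch described in this post, reproduced as an added example (not code from the post or from the library): it puts the two quoted name derivations side by side for a dev server on https:// and shows a lookup keyed on the request origin, as the post proposes. The function names, the "myapp" prefix and the cookie value are hypothetical, and it assumes the server prepends `__Secure-` whenever the quoted `secure` expression is true.

```javascript
// Added example. Function names are hypothetical, not the library's API.

// Server-side decision, following the ternary quoted in the post.
function isSecure(options, isProduction) {
  const adv = options.advanced;
  if (adv?.useSecureCookies !== undefined) return adv.useSecureCookies;
  if (options.baseURL !== undefined) return options.baseURL.startsWith("https://");
  return isProduction;
}

// Assumption: the server prepends "__Secure-" whenever isSecure() is true.
function serverCookieName(options, isProduction, prefix, name) {
  return `${isSecure(options, isProduction) ? "__Secure-" : ""}${prefix}.${name}`;
}

// Helper-side naming, following the second snippet quoted in the post.
function helperCookieName(isProduction, prefix, name) {
  return isProduction ? `__Secure-${prefix}.${name}` : `${prefix}.${name}`;
}

// Parse a Cookie header into a Map (first occurrence of a name wins).
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const key = part.slice(0, eq).trim();
    if (key && !jar.has(key)) jar.set(key, part.slice(eq + 1).trim());
  }
  return jar;
}

// Lookup that derives the prefix from the request origin instead of the
// production flag, which is the check the post proposes.
function findSessionCookie(cookieHeader, origin, prefix, name) {
  const secure = origin.startsWith("https://");
  const key = `${secure ? "__Secure-" : ""}${prefix}.${name}`;
  return parseCookies(cookieHeader).get(key) ?? null;
}

// Constructed scenario: dev mode (isProduction = false) served over https.
const opts = { baseURL: "https://localhost:3000" };
const issued = serverCookieName(opts, false, "myapp", "custom_session_token");
const lookedUp = helperCookieName(false, "myapp", "custom_session_token");
const header = `${issued}=abc123; theme=dark`; // constructed cookie value
```

If TLS is terminated at a proxy, the origin the middleware sees may be http:// while the browser holds the `__Secure-` cookie, so an origin-based check does not cover every deployment.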