From c01168976fa8c2e9631c56c2deb81aa4626c2715 Mon Sep 17 00:00:00 2001 From: Talal Sharabi Date: Mon, 16 Mar 2026 11:48:28 +0400 Subject: [PATCH] Fix session cookie: use COOKIE_SECURE env var instead of NODE_ENV The Secure flag was tied to NODE_ENV=production, which broke sessions on HTTP staging servers. Using a dedicated COOKIE_SECURE env var allows production-mode Next.js to run over HTTP for staging while still enabling Secure cookies in production (HTTPS). Made-with: Cursor --- src/lib/session.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/session.ts b/src/lib/session.ts index 79032656..5adb7d67 100644 --- a/src/lib/session.ts +++ b/src/lib/session.ts @@ -6,7 +6,7 @@ export const sessionOptions: IronSessionOptions = { password: process.env.SECRET_COOKIE_PASSWORD as string, cookieName: "eCrop/ielts", cookieOptions: { - secure: process.env.NODE_ENV === "production", + secure: process.env.COOKIE_SECURE === "true", }, };