Fix session cookie: use COOKIE_SECURE env var instead of NODE_ENV

The Secure flag was tied to NODE_ENV=production, which broke sessions
on HTTP staging servers. Using a dedicated COOKIE_SECURE env var
allows production-mode Next.js to run over HTTP for staging while
still enabling Secure cookies in production (HTTPS).

Made-with: Cursor
This commit is contained in:
Talal Sharabi
2026-03-16 11:48:28 +04:00
parent e27d8231e9
commit c01168976f

View File

@@ -6,7 +6,7 @@ export const sessionOptions: IronSessionOptions = {
password: process.env.SECRET_COOKIE_PASSWORD as string, password: process.env.SECRET_COOKIE_PASSWORD as string,
cookieName: "eCrop/ielts", cookieName: "eCrop/ielts",
cookieOptions: { cookieOptions: {
secure: process.env.NODE_ENV === "production", secure: process.env.COOKIE_SECURE === "true",
}, },
}; };