Fix session cookie: use COOKIE_SECURE env var instead of NODE_ENV
The Secure flag was tied to NODE_ENV=production, which broke sessions on HTTP staging servers. Using a dedicated COOKIE_SECURE env var allows production-mode Next.js to run over HTTP for staging while still enabling Secure cookies in production (HTTPS). Made-with: Cursor
This commit is contained in:
@@ -6,7 +6,7 @@ export const sessionOptions: IronSessionOptions = {
|
|||||||
password: process.env.SECRET_COOKIE_PASSWORD as string,
|
password: process.env.SECRET_COOKIE_PASSWORD as string,
|
||||||
cookieName: "eCrop/ielts",
|
cookieName: "eCrop/ielts",
|
||||||
cookieOptions: {
|
cookieOptions: {
|
||||||
secure: process.env.NODE_ENV === "production",
|
secure: process.env.COOKIE_SECURE === "true",
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user