Fix cookie handling for Vercel serverless

2026-02-21 15:54:32 -06:00 · 2026-02-21 15:54:32 -06:00 · ff3cc87dc8
commit ff3cc87dc8
parent cd0fdfbd60
2 changed files with 40 additions and 7 deletions
--- a/src/app/api/auth/login/route.ts
+++ b/src/app/api/auth/login/route.ts
@ -1,8 +1,11 @@
 import { NextResponse } from "next/server";
-import { authenticateUser, createUserSession, setSessionCookie } from "@/lib/server/auth";
+import { authenticateUser, createUserSession } from "@/lib/server/auth";

 export const runtime = "nodejs";

+const SESSION_COOKIE_NAME = "gantt_session";
+const SESSION_DAYS_REMEMBER = 30;
+
 export async function POST(request: Request) {
  try {
    const body = (await request.json()) as {
@ -25,13 +28,31 @@ export async function POST(request: Request) {
    }

    const session = await createUserSession(user.id, rememberMe);
-    await setSessionCookie(session.token, rememberMe);
    
-    return NextResponse.json({
+    // Set cookie on response for Vercel compatibility
+    const response = NextResponse.json({
      success: true,
      user,
      session: { expiresAt: session.expiresAt, rememberMe },
    });
+    
+    const baseCookieOptions = {
+      httpOnly: true,
+      sameSite: "lax" as const,
+      secure: process.env.NODE_ENV === "production",
+      path: "/",
+    };
+    
+    if (rememberMe) {
+      response.cookies.set(SESSION_COOKIE_NAME, session.token, {
+        ...baseCookieOptions,
+        maxAge: SESSION_DAYS_REMEMBER * 24 * 60 * 60,
+      });
+    } else {
+      response.cookies.set(SESSION_COOKIE_NAME, session.token, baseCookieOptions);
+    }
+
+    return response;
  } catch {
    return NextResponse.json({ error: "Login failed" }, { status: 500 });
  }
--- a/src/app/api/auth/logout/route.ts
+++ b/src/app/api/auth/logout/route.ts
@ -1,14 +1,26 @@
 import { NextResponse } from "next/server";
-import { clearSessionCookie, getSessionTokenFromCookies, revokeSession } from "@/lib/server/auth";
+import { getSessionTokenFromCookies, revokeSession } from "@/lib/server/auth";

 export const runtime = "nodejs";

+const SESSION_COOKIE_NAME = "gantt_session";
+
 export async function POST() {
  try {
    const token = await getSessionTokenFromCookies();
    if (token) await revokeSession(token);
-    await clearSessionCookie();
-    return NextResponse.json({ success: true });
+    
+    // Clear cookie on response for Vercel compatibility
+    const response = NextResponse.json({ success: true });
+    response.cookies.set(SESSION_COOKIE_NAME, "", {
+      httpOnly: true,
+      sameSite: "lax",
+      secure: process.env.NODE_ENV === "production",
+      path: "/",
+      maxAge: 0,
+    });
+    
+    return response;
  } catch {
    return NextResponse.json({ error: "Logout failed" }, { status: 500 });
  }