fix #12: middleware __Secure- cookie prefix check

Middleware only checked for better-auth.session_token but HTTPS uses
__Secure-better-auth.session_token, causing all protected routes to
redirect to sign-in even when authenticated.
Christopher Mayor
2026-04-27 12:53:04 -07:00
parent 2e138a8364
commit cfe50af1af


@@ -7,7 +7,10 @@ function hasSessionCookie(headers: Headers): boolean {
const cookieHeader = headers.get("cookie") ?? ""; const cookieHeader = headers.get("cookie") ?? "";
return cookieHeader return cookieHeader
.split(";") .split(";")
.some((c) => c.trim().startsWith("better-auth.session_token=")); .some((c) => {
const trimmed = c.trim();
return trimmed.startsWith("better-auth.session_token=") || trimmed.startsWith("__Secure-better-auth.session_token=");
});
} }
export async function middleware(request: NextRequest) { export async function middleware(request: NextRequest) {
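Review bot: `hasSessionCookie` is still a presence check: the new callback only tests whether a cookie name starts with one of the two literals, so a request carrying any value under either name passes, and nothing in this hunk verifies the token. That is acceptable for an optimistic redirect, but the function should say so, e.g. `// Presence check only: the token is NOT verified here; every protected page/route handler must validate the session server-side.` The body of `middleware` lies outside the hunk, so whether it validates further cannot be confirmed from here. As a smaller point, the two names are now hard-coded and the unprefixed one is accepted regardless of scheme; if the installed better-auth version provides `getSessionCookie` from `better-auth/cookies`, using it would keep the prefix handling in one place.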