Update session cookie deletion to conditionally use secure flag based on HTTPS protocol

2024-12-29 12:55:45 -05:00
parent b5ac66a1cc
commit fd7f285c57
2 changed files with 4 additions and 3 deletions
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@@ -23,7 +23,7 @@ export const authHook: Handle = async ({ event, resolve }) => {

 		if (!userFetch.ok) {
 			event.locals.user = null;
-			event.cookies.delete('sessionid', { path: '/' });
+			event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 			return await resolve(event);
 		}

@@ -54,12 +54,12 @@ export const authHook: Handle = async ({ event, resolve }) => {
 			}
 		} else {
 			event.locals.user = null;
-			event.cookies.delete('sessionid', { path: '/' });
+			event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 		}
 	} catch (error) {
 		console.error('Error in authHook:', error);
 		event.locals.user = null;
-		event.cookies.delete('sessionid', { path: '/' });
+		event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 	}

 	return await resolve(event);
--- a/frontend/src/routes/+page.server.ts
+++ b/frontend/src/routes/+page.server.ts
@@ -42,6 +42,7 @@ export const actions: Actions = {
 			credentials: 'include'
 		});
 		if (res.status == 401) {
+			event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 			return redirect(302, '/login');
 		} else {
 			return redirect(302, '/');