chore: enforce cookie options for more security (#5618)

2026-01-06 05:40:02 -06:00 · 2025-05-05 05:09:35 -07:00
parent 66fcf4b79b
commit 7538e570c5
1 changed files with 11 additions and 0 deletions
--- a/apps/web/modules/auth/lib/authOptions.ts
+++ b/apps/web/modules/auth/lib/authOptions.ts
@@ -177,6 +177,17 @@ export const authOptions: NextAuthOptions = {
    // Conditionally add enterprise SSO providers
    ...(ENTERPRISE_LICENSE_KEY ? getSSOProviders() : []),
  ],
+  cookies: {
+    sessionToken: {
+      name: "next-auth.session-token",
+      options: {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: "/",
+      },
+    },
+  },
  session: {
    maxAge: 3600,
  },