From 7538e570c5b92c970a3cb0525e0acfdd5a46466b Mon Sep 17 00:00:00 2001
From: Johannes <72809645+jobenjada@users.noreply.github.com>
Date: Mon, 5 May 2025 05:09:35 -0700
Subject: [PATCH] chore: enforce cookie options for more security (#5618)
---
 apps/web/modules/auth/lib/authOptions.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/apps/web/modules/auth/lib/authOptions.ts b/apps/web/modules/auth/lib/authOptions.ts
index eb3e277e6b..4d9660ced5 100644
--- a/apps/web/modules/auth/lib/authOptions.ts
+++ b/apps/web/modules/auth/lib/authOptions.ts
@@ -177,6 +177,17 @@ export const authOptions: NextAuthOptions = {
 // Conditionally add enterprise SSO providers
 ...(ENTERPRISE_LICENSE_KEY ? getSSOProviders() : []),
 ],
+ cookies: {
+ sessionToken: {
+ name: "next-auth.session-token",
+ options: {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === "production",
+ sameSite: "lax",
+ path: "/",
+ },
+ },
+ },
 session: {
 maxAge: 3600,
 },
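Review bot: The `sessionToken` override hard-codes `name: "next-auth.session-token"`, so HTTPS deployments lose the `__Secure-` prefix that NextAuth applies by default, and with it the browser-enforced rule that the cookie can only be set with the Secure attribute from a secure origin. `secure: process.env.NODE_ENV === "production"` also ties the flag to the build mode rather than the served scheme, so a production build served over plain HTTP would presumably have its session cookie rejected, while an HTTPS deployment with another NODE_ENV would get a non-Secure cookie. I would derive both from the URL scheme: `const useSecureCookies = process.env.NEXTAUTH_URL?.startsWith("https://") ?? false;`, then `name: (useSecureCookies ? "__Secure-" : "") + "next-auth.session-token"` and `secure: useSecureCookies`. Any middleware or `getToken` caller not visible here that relies on the default cookie name should be checked, and renaming the cookie would also sign out existing HTTPS sessions. The `authOptions` object starts and ends outside the hunk.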