From f03259d44384eaa0e1a7b42ea26b3b146826c988 Mon Sep 17 00:00:00 2001
From: achmad
Date: Fri, 29 May 2026 18:56:45 +0700
Subject: [PATCH] fix: set admin cookie path to / instead of /admin

Cookie path /admin meant the browser never sent it to /api/admin/check (the auth check endpoint), so every check returned unauthenticated.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 backend/src/app/api/admin/login/route.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/app/api/admin/login/route.ts b/backend/src/app/api/admin/login/route.ts
index 3d74acf..7b9a508 100644
--- a/backend/src/app/api/admin/login/route.ts
+++ b/backend/src/app/api/admin/login/route.ts
@@ -12,7 +12,7 @@ export async function POST(request: NextRequest) {
 console.log('[AdminLogin] success, setting cookie', { secure, protocol: request.nextUrl.protocol, forwardedProto: request.headers.get('x-forwarded-proto') });
 const response = NextResponse.json({ success: true });
 response.cookies.set('admin_session', 'authenticated', {
- httpOnly: true, secure, sameSite: 'lax', path: '/admin', maxAge: 86400,
+ httpOnly: true, secure, sameSite: 'lax', path: '/', maxAge: 86400,
 });
 console.log('[AdminLogin] response cookie header:', response.headers.get('set-cookie'));
 return response;
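Review bot: The `admin_session` cookie set in `response.cookies.set(...)` carries the fixed string `'authenticated'`, so its presence proves nothing about a prior login, and with `path: '/'` it now accompanies every request to the origin rather than only `/admin`. Assuming `/api/admin/check` only compares the value against that literal (the check is outside this hunk), issue an unguessable per-login value instead, e.g. `const token = crypto.randomUUID();` stored server-side and set with `response.cookies.set('admin_session', token, {`, then validate it on each check. Once the value is a secret, the `console.log('[AdminLogin] response cookie header:', ...)` line should be removed, since it would write the session token to the logs. `sameSite: 'strict'` is worth considering for an admin-only cookie now that its path is site-wide. The body of `POST` starts and ends outside the hunk.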