admin/Dota-Zombie-Invasion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: set admin cookie path to / instead of /admin

Browse Source 
Cookie path /admin meant the browser never sent it to /api/admin/check
(the auth check endpoint), so every check returned unauthenticated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
achmad
2026-05-29 18:56:45 +07:00
parent a46b3a7ca9
commit f03259d443
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/app/api/admin/login/route.ts
+1 -1
View File
@@ -12,7 +12,7 @@ export async function POST(request: NextRequest) {
console.log('[AdminLogin] success, setting cookie', { secure, protocol: request.nextUrl.protocol, forwardedProto: request.headers.get('x-forwarded-proto') });
const response = NextResponse.json({ success: true });
response.cookies.set('admin_session', 'authenticated', {
httpOnly: true, secure, sameSite: 'lax', path: '/admin', maxAge: 86400,
httpOnly: true, secure, sameSite: 'lax', path: '/', maxAge: 86400,
});
console.log('[AdminLogin] response cookie header:', response.headers.get('set-cookie'));
return response;