Merge pull request #2535 from Abhinav-kodes/fix-resource-session-delete-cookie

fix: correct session DELETE tautology and HTTP cookie domain interpolation
2026-02-26 06:46:40 +00:00 · 2026-02-25 10:35:09 -08:00
parent 8ea6d9fa67 c64dd14b1a
commit 0ea38ea568
1 changed files with 2 additions and 2 deletions
--- a/server/auth/sessions/resource.ts
+++ b/server/auth/sessions/resource.ts
@@ -87,7 +87,7 @@ export async function validateResourceSessionToken(
    if (Date.now() >= resourceSession.expiresAt) {
        await db
            .delete(resourceSessions)
-            .where(eq(resourceSessions.sessionId, resourceSessions.sessionId));
+            .where(eq(resourceSessions.sessionId, sessionId));
        return { resourceSession: null };
    } else if (
        Date.now() >=
@@ -181,7 +181,7 @@ export function serializeResourceSessionCookie(
        return `${cookieName}_s.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Secure; Domain=${domain}`;
    } else {
        if (expiresAt === undefined) {
-            return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Domain=$domain}`;
+            return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Domain=${domain}`;
        }
        return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Domain=${domain}`;
    }