From c64dd14b1a1fcc410c1adb6b02e063ce9d97c9b6 Mon Sep 17 00:00:00 2001
From: Abhinav-kodes <183825080+Abhinav-kodes@users.noreply.github.com>
Date: Wed, 25 Feb 2026 16:54:31 +0530
Subject: [PATCH] fix: correct session DELETE tautology and HTTP cookie domain
 interpolation

---
 server/auth/sessions/resource.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/auth/sessions/resource.ts b/server/auth/sessions/resource.ts
index 3b9da3d7..a1ae1337 100644
--- a/server/auth/sessions/resource.ts
+++ b/server/auth/sessions/resource.ts
@@ -87,7 +87,7 @@ export async function validateResourceSessionToken(
     if (Date.now() >= resourceSession.expiresAt) {
         await db
             .delete(resourceSessions)
-            .where(eq(resourceSessions.sessionId, resourceSessions.sessionId));
+            .where(eq(resourceSessions.sessionId, sessionId));
         return { resourceSession: null };
     } else if (
         Date.now() >=
@@ -181,7 +181,7 @@ export function serializeResourceSessionCookie(
         return `${cookieName}_s.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Secure; Domain=${domain}`;
     } else {
         if (expiresAt === undefined) {
-            return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Domain=$domain}`;
+            return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Domain=${domain}`;
         }
         return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Domain=${domain}`;
     }