marcel/mealprep
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): add secure flag to JSESSIONID cookie and test JSESSIONID cookie setting

Browse Source 
- Add secure: true to cookies.set() in login and signup actions
- Add tests verifying JSESSIONID is forwarded to browser on successful
  login and signup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel Raddatz
2026-04-02 18:50:34 +02:00
parent 16f0feb8d5
commit 61249af086
4 changed files with 36 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/src/routes/(public)/signup/+page.server.ts
View File

@@ -43,7 +43,7 @@ export const actions = {
const sessionId = response.headers.get('set-cookie')?.match(/JSESSIONID=([^;]+)/i)?.[1];
if (sessionId) {
cookies.set('JSESSIONID', sessionId, { path: '/', httpOnly: true, sameSite: 'lax' });
cookies.set('JSESSIONID', sessionId, { path: '/', httpOnly: true, sameSite: 'lax', secure: true });
}
throw redirect(303, '/household/setup');