From 1e7a47ad31a8dedad24721e178bbbcaa0e00c4a0 Mon Sep 17 00:00:00 2001
From: ilia
Date: Sun, 4 Jan 2026 21:35:37 -0500
Subject: [PATCH] refactor: Simplify cookie management in authentication handling

- Removed unnecessary comments and code related to secure cookie management in `auth.ts`, as Auth.js now correctly handles cookies.
- Streamlined the authentication route in `route.ts` by directly exporting handlers without additional wrappers.
---
 app/api/auth/[...nextauth]/route.ts | 1 -
 lib/auth.ts | 19 -------------------
 2 files changed, 20 deletions(-)

diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 58272dd..866b2be 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -1,4 +1,3 @@
 import { handlers } from "@/lib/auth"
-// No wrapper needed - Auth.js now handles cookies correctly via useSecureCookies
 export const { GET, POST } = handlers
diff --git a/lib/auth.ts b/lib/auth.ts
index 499bc44..7806325 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -12,29 +12,10 @@ if (!nextAuthSecret) {
 // Determine if we should use secure cookies based on AUTH_URL/NEXTAUTH_URL
 // Auth.js v5 derives this from the origin it detects, so we need to be explicit
 const authUrl = process.env.AUTH_URL || process.env.NEXTAUTH_URL || "http://localhost:3000"
-const isDev = process.env.NODE_ENV === "development"
 const isHttp = authUrl.startsWith("http://")
-// Explicitly control useSecureCookies - only true when URL is https://
-// This prevents Auth.js from auto-detecting HTTPS and adding prefixes on HTTP
-const useSecureCookies = !isHttp
-
-// Log cookie configuration for debugging (only in development)
-if (isDev) {
- logger.debug("NextAuth cookie configuration", {
- authUrl,
- isDev,
- isHttp,
- useSecureCookies,
- nodeEnv: process.env.NODE_ENV,
- hasVercelEnv: !!process.env.VERCEL,
- hasAuthTrustHost: !!process.env.AUTH_TRUST_HOST,
- })
-}
-
 export const { handlers, auth, signIn, signOut } = NextAuth({
 // trustHost must be true for NextAuth v5 to work, even on localhost
- // We control HTTPS detection via cookie configuration instead
 trustHost: true,
 debug: process.env.NODE_ENV !== "production",
 basePath: "/api/auth",
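Review bot: The context lines kept at the top of this hunk still say secure-cookie handling has to be explicit ("so we need to be explicit") and still compute `isHttp`, but its only visible consumer, `useSecureCookies`, is removed, so the comment is stale and `isHttp` looks unused unless something below the hunk reads it. With `trustHost: true` retained, whether the session cookie gets the Secure attribute presumably now follows the origin Auth.js detects per request, which is worth confirming on the deployed HTTPS path, especially behind a TLS-terminating proxy. I would drop the leftover lines or replace the comment with `// Secure cookies are chosen by Auth.js from the detected origin; verify the Secure attribute is set in production`. The NextAuth options object continues outside the hunk; if it still passes `useSecureCookies`, the build will fail on the missing declaration.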