Cookie rejected for invalid prefix #7918
Unanswered
scottishsmile
asked this question in
Help
I think it may be NextJS showing static pages, so "Login" is a static HTML element giving the appearance the user is logged out.
Hi,
Everything works fine in my development environment. I have recently tried to publish my NextJS 13.3.1 / Next-Auth 4.22.1 app to a Linode Ubuntu VM.
Since then, every time I close the browser window the user is logged out.
If I refresh the page, the user is still logged in. Closing the browser seems to delete the cookies.
I see these errors on re-opening the browser window:
Cookie “__Host-next-auth.csrf-token” has been rejected for invalid prefix.
Cookie “__Secure-next-auth.callback-url” has been rejected for invalid prefix.
Cookie “__Host-next-auth.csrf-token” has been rejected for invalid prefix.
The cookies when the user logs in (mysite.com is just an example, I didn't want to post the domain):
__Host-next-auth.csrf-token Created:"Fri, 30 Jun 2023 12:04:05 GMT" Domain:"mysite.com" Expires / Max-Age:"Session" HostOnly:true HttpOnly:true Last Accessed:"Fri, 30 Jun 2023 12:04:05 GMT" Path:"/" SameSite:"Lax" Secure:true Size:158
__Secure-next-auth.callback-url:"https%3A%2F%2Fmysite.com" Created:"Fri, 30 Jun 2023 12:04:05 GMT" Domain:"mysite.com" Expires / Max-Age:"Session" Last Accessed:"Fri, 30 Jun 2023 12:04:05 GMT" Path:"/" SameSite:"Lax" Secure:true Size:59
__Secure-next-auth.session-token:"blah..." Created:"Fri, 30 Jun 2023 00:25:52 GMT" Domain:"mysite.com" Expires / Max-Age:"Sun, 30 Jul 2023 12:08:10 GMT" HostOnly:true HttpOnly:true Last Accessed:"Fri, 30 Jun 2023 12:08:11 GMT" Path:"/" Secure:true Size:3559
Those 3 cookies disappear when the browser window is closed.
The local storage object remains:
nextauth.message:"{"event":"session","data":{"trigger":"getSession"},"timestamp":1688127164}"
I include these in my .env.production file for NextJS:
NEXTAUTH_URL = https://mysite.com
NEXTAUTH_SECRET = hgy34...blah...
As I am using nginx as a proxy to forward the domain calls to localhost:3000, I have also tried the
NEXTAUTH_URL_INTERNAL=https://localhost:3000
with no luck. I have made sure 'use client' is at the top of the login page and index page, but no change.
I'd appreciate any advice on how to troubleshoot this.
Thanks,
Andy
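The rules a browser applies before reporting "rejected for invalid prefix", as an added example that is not part of the original post or of NextAuth's code: `__Secure-` cookies need the `Secure` attribute and a secure (HTTPS) connection, and `__Host-` cookies additionally need `Path=/` and no `Domain` attribute. The function name and sample headers are constructed; `browserUsedHttps` means the scheme the browser itself used, not the scheme between nginx and localhost:3000.

```javascript
// Added example (not from the post): applies the RFC 6265bis cookie-prefix
// rules to one Set-Cookie header. Names and sample headers are constructed.
function checkCookiePrefix(setCookie, browserUsedHttps) {
  const [pair, ...attrParts] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);

  // Attribute names are case-insensitive; flags such as Secure have no value.
  const attrs = new Map();
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }

  const lower = name.toLowerCase();
  const isHost = lower.startsWith("__host-");
  const isSecure = lower.startsWith("__secure-");
  const problems = [];
  if (!isHost && !isSecure) return { name, problems }; // no prefix, no rules

  // Both prefixes: Secure attribute, and set over a secure connection.
  if (!browserUsedHttps) problems.push("set over a non-HTTPS connection");
  if (!attrs.has("secure")) problems.push("missing Secure attribute");
  // __Host- additionally: no Domain attribute and Path exactly "/".
  if (isHost && attrs.has("domain")) problems.push("Domain attribute present");
  if (isHost && attrs.get("path") !== "/") problems.push("Path is not /");
  return { name, problems };
}

// Constructed Set-Cookie headers, each paired with the scheme the browser used.
const samples = [
  ["__Host-next-auth.csrf-token=abc; Path=/; HttpOnly; Secure; SameSite=Lax", true],
  ["__Host-next-auth.csrf-token=abc; Path=/; HttpOnly; Secure; SameSite=Lax", false],
  ["__Secure-next-auth.callback-url=x; Path=/; HttpOnly; SameSite=Lax", true],
  ["__Host-next-auth.csrf-token=abc; Domain=mysite.com; Path=/; Secure", true],
];
for (const [header, https] of samples) {
  const { name, problems } = checkCookiePrefix(header, https);
  console.log(name, https ? "(https)" : "(http)", problems.length ? problems : "ok");
}
```

Feeding it the `Set-Cookie` headers copied from the browser's network panel, together with the scheme shown in the address bar, shows which of the four conditions a rejected cookie fails.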