From 33d2469c5b12c1fc0f58ed6f34943688379e0924 Mon Sep 17 00:00:00 2001
From: pilcrowOnPaper <pilcrowonpaper@gmail.com>
Date: Tue, 26 Dec 2023 00:41:29 +0900
Subject: [PATCH] fix sveltekit tutorial

---
 .../pages/tutorials/github-oauth/sveltekit.md | 45 +------------------
 .../username-and-password/sveltekit.md        |  2 +-
 2 files changed, 2 insertions(+), 45 deletions(-)

diff --git a/docs/pages/tutorials/github-oauth/sveltekit.md b/docs/pages/tutorials/github-oauth/sveltekit.md
index 74969df4b..6f09b2142 100644
--- a/docs/pages/tutorials/github-oauth/sveltekit.md
+++ b/docs/pages/tutorials/github-oauth/sveltekit.md
@@ -40,7 +40,7 @@ import { dev } from "$app/environment";
 export const lucia = new Lucia(adapter, {
 	sessionCookie: {
 		attributes: {
-			secure: dev
+			secure: !dev
 		}
 	},
 	getUserAttributes: (attributes) => {
@@ -203,49 +203,6 @@ interface GitHubUser {
 
 You can validate requests by checking `locals.user`. The field `user.username` is available since we defined the `getUserAttributes()` option. You can protect pages, such as `/`, by redirecting unauthenticated users to the login page.
 
-```ts
-const user = Astro.locals.user;
-if (!user) {
-	return Astro.redirect("/login");
-}
-
-const username = user.username;
-```
-
-## Sign out
-
-Sign out users by invalidating their session with `Lucia.invalidateSession()`. Make sure to remove their session cookie by setting a blank session cookie created with `Lucia.createBlankSessionCookie()`.
-
-```ts
-import { lucia } from "../../auth";
-import type { APIContext } from "astro";
-
-export async function POST(context: APIContext): Promise<Response> {
-	if (!context.locals.session) {
-		return new Response(null, {
-			status: 401
-		});
-	}
-
-	await lucia.invalidateSession(context.locals.session.id);
-
-	const sessionCookie = lucia.createBlankSessionCookie();
-	context.cookies.set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
-
-	return Astro.redirect("/login");
-}
-```
-
-```html
-<form method="post" action="/api/logout">
-	<button>Sign out</button>
-</form>
-```
-
-## Validate requests
-
-You can validate requests by checking `locals.user`. The field `user.username` is available since we defined the `getUserAttributes()` option. You can protect pages, such as `/`, by redirecting unauthenticated users to the login page.
-
 ```ts
 // +page.server.ts
 import type { PageServerLoad, Actions } from "./$types";
diff --git a/docs/pages/tutorials/username-and-password/sveltekit.md b/docs/pages/tutorials/username-and-password/sveltekit.md
index 345cf533e..cf7ca2862 100644
--- a/docs/pages/tutorials/username-and-password/sveltekit.md
+++ b/docs/pages/tutorials/username-and-password/sveltekit.md
@@ -28,7 +28,7 @@ import { dev } from "$app/environment";
 export const lucia = new Lucia(adapter, {
 	sessionCookie: {
 		attributes: {
-			secure: dev
+			secure: !dev
 		}
 	},
 	getUserAttributes: (attributes) => {