fix: Cookies must be strings

theopensystemslab · Jan 9, 2024 · 1eec237 · 1eec237
1 parent 1814554
commit 1eec237
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/api.planx.uk/modules/auth/controller.ts b/api.planx.uk/modules/auth/controller.ts
@@ -59,7 +59,8 @@ function setJWTCookie(returnTo: string, res: Response, req: Request) {
   res.cookie("jwt", req.user!.jwt, httpOnlyCookieOptions);
 
   // Set second cookie which can be read by browser to detect presence of the unreadable httpOnly cookie
-  res.cookie("auth", { loggedIn: true }, defaultCookieOptions);
+  const authCookie = btoa(JSON.stringify({ loggedIn: true }));
+  res.cookie("auth", authCookie, defaultCookieOptions);
 
   res.redirect(returnTo);
 }