fix: Implement comprehensive Supabase cookie configuration for Docker environment

Client-side improvements (supabase.ts): - Set detectSessionInUrl: false to prevent SSR redirect loops - Add explicit cookieOptions with Docker-friendly settings - Configure secure: false for localhost non-HTTPS - Set sameSite: 'lax' for proper navigation cookie handling Server-side improvements (supabase-ssr.ts): - Add comprehensive default cookie options - Ensure consistent cookie configuration across all server clients - Set maxAge: 7 days for proper session persistence - Maintain security with httpOnly: true These changes address session persistence issues in Docker containers and should resolve Stripe setup redirect loops for existing users. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-12 21:15:27 -06:00
parent 03e3d8241c
commit 83470449e8
2 changed files with 21 additions and 8 deletions
--- a/src/lib/supabase-ssr.ts
+++ b/src/lib/supabase-ssr.ts
@@ -6,6 +6,15 @@ export function createSupabaseServerClient(
  cookies: AstroCookies,
  cookieOptions?: CookieOptions
 ) {
+  // Default cookie options for Docker/localhost environment
+  const defaultCookieOptions: CookieOptions = {
+    secure: false,              // localhost is non-HTTPS in Docker
+    sameSite: 'lax',            // allow cross-site cookie on navigation  
+    path: '/',                  // root-wide access
+    httpOnly: true,             // JS-inaccessible for security
+    maxAge: 60 * 60 * 24 * 7,   // 7 days
+  };
+
  return createServerClient<Database>(
    import.meta.env.PUBLIC_SUPABASE_URL!,
    import.meta.env.PUBLIC_SUPABASE_ANON_KEY!,
@@ -17,24 +26,22 @@ export function createSupabaseServerClient(
        },
        set(name: string, value: string, options: CookieOptions) {
          if (!cookies) return;
-          // Fix cookie settings for Docker/production
+          // Merge with default options, allowing overrides
          cookies.set(name, value, {
+            ...defaultCookieOptions,
+            ...cookieOptions,
            ...options,
-            httpOnly: true,
-            secure: false, // Set to false for Docker/localhost
-            sameSite: 'lax',
-            path: '/'
          })
        },
        remove(name: string, options: CookieOptions) {
          if (!cookies) return;
          cookies.delete(name, {
+            ...defaultCookieOptions,
            ...options,
-            path: '/'
          })
        },
      },
-      cookieOptions,
+      cookieOptions: defaultCookieOptions,
    }
  )
 }