From fd7f285c57c9992c20d762771e4906943672908c Mon Sep 17 00:00:00 2001
From: Sean Morley
Date: Sun, 29 Dec 2024 12:55:45 -0500
Subject: [PATCH] Update session cookie deletion to conditionally use secure flag based on HTTPS protocol
---
 frontend/src/hooks.server.ts | 6 +++---
 frontend/src/routes/+page.server.ts | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/frontend/src/hooks.server.ts b/frontend/src/hooks.server.ts
index 679a59d..91e1b60 100644
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@@ -23,7 +23,7 @@ export const authHook: Handle = async ({ event, resolve }) => {
 if (!userFetch.ok) {
 event.locals.user = null;
- event.cookies.delete('sessionid', { path: '/' });
+ event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 return await resolve(event);
 }
@@ -54,12 +54,12 @@ export const authHook: Handle = async ({ event, resolve }) => {
 }
 } else {
 event.locals.user = null;
- event.cookies.delete('sessionid', { path: '/' });
+ event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 }
 } catch (error) {
 console.error('Error in authHook:', error);
 event.locals.user = null;
- event.cookies.delete('sessionid', { path: '/' });
+ event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 }
 return await resolve(event);
diff --git a/frontend/src/routes/+page.server.ts b/frontend/src/routes/+page.server.ts
index 8d0446a..b379a8c 100644
--- a/frontend/src/routes/+page.server.ts
+++ b/frontend/src/routes/+page.server.ts
@@ -42,6 +42,7 @@ export const actions: Actions = {
 credentials: 'include'
 });
 if (res.status == 401) {
+ event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
 return redirect(302, '/login');
 } else {
 return redirect(302, '/');
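Review bot: The option `secure: event.url.protocol === 'https:'` is copied verbatim into this call, both deletions in the next hunk and the one in `+page.server.ts`, with no comment on why the flag has to follow the request scheme. I would move it into one documented helper, e.g. `const deleteSessionCookie = (event: RequestEvent) => event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });`, with a comment such as `// Secure must match the scheme the browser used: a deletion carrying Secure is ignored over plain HTTP, leaving the stale session cookie in place`. The comment should also say that behind a TLS-terminating proxy `event.url.protocol` is only right when the adapter is configured to report the client-facing scheme; how that is set up is not visible in this diff. The body of `authHook` starts and ends outside the hunk.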
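Review bot: The `catch (error)` branch deletes `sessionid` for any exception thrown inside the `try`, so a transient failure while contacting the backend signs the user out exactly as an invalid session would; the `!userFetch.ok` branch in the previous hunk does the same for every non-OK status, server errors included. Setting `event.locals.user = null` already fails closed for the current request, so I would keep that and reserve the cookie deletion for responses that actually reject the session, for example guarding it with `if (userFetch.status === 401)` if that is the status the backend uses (an assumption taken from the 401 check in `+page.server.ts`). The `try` opens outside the hunk, so which calls can throw here is inferred.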
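Review bot: The cookie is cleared only on the 401 path; the `else` branch redirects to `/` for every other status and leaves the browser's `sessionid` untouched. If this action is meant to end the session (its name is outside the hunk), a successful response should clear the cookie as well, unless the backend's `Set-Cookie` is forwarded to the browser somewhere not shown here. Separately, `res.status == 401` would read better as `res.status === 401`, matching the strict comparison used in the added line.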