Always use secure token

apps/client/pages/api/auth/[...nextauth].ts

@@ -85,6 +85,7 @@ export const authOptions = {
         strategy: 'jwt' as SessionStrategy,
         maxAge: 1 * 24 * 60 * 60, // 1 Day
     },
+    useSecureCookies: true,
     providers: [
         CredentialsProvider({
             name: 'Credentials',

apps/server/src/app/middleware/validate-auth-jwt.ts

@@ -8,14 +8,10 @@ export const validateAuthJwt = async (req, res, next) => {
             return res.status(500).json({ message: 'Internal Server Error' })
         }
 
-        const cookieName = req.secure
-            ? '__Secure-next-auth.session-token'
-            : 'next-auth.session-token'
-
-        if (req.cookies && cookieName in req.cookies) {
+        if (req.cookies && '__Secure-next-auth.session-token' in req.cookies) {
             try {
                 const token = await decode({
-                    token: req.cookies[cookieName],
+                    token: req.cookies['__Secure-next-auth.session-token'],
                     secret: SECRET,
                 })