| -rw-r--r-- | app/api/auth/[...nextauth]/saml/provider.ts | 6 | ||||
| -rw-r--r-- | app/api/saml/callback/route.ts | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/app/api/auth/[...nextauth]/saml/provider.ts b/app/api/auth/[...nextauth]/saml/provider.ts index 1f891661..8486a690 100644 --- a/app/api/auth/[...nextauth]/saml/provider.ts +++ b/app/api/auth/[...nextauth]/saml/provider.ts @@ -248,7 +248,11 @@ export async function createNextAuthToken(user: User): Promise<string> { // NextAuth 세션 쿠키 이름 가져오기 export function getSessionCookieName(): string { - return process.env.NODE_ENV === 'production' + // NEXTAUTH_URL이 HTTPS인 경우에만 __Secure- 접두사 사용 + const nextAuthUrl = process.env.NEXTAUTH_URL || ''; + const isHttps = nextAuthUrl.startsWith('https://'); + + return isHttps ? '__Secure-next-auth.session-token' : 'next-auth.session-token'; } diff --git a/app/api/saml/callback/route.ts b/app/api/saml/callback/route.ts index 7f454cb9..c0290e71 100644 --- a/app/api/saml/callback/route.ts +++ b/app/api/saml/callback/route.ts @@ -161,9 +161,12 @@ export async function POST(request: NextRequest) { // POST 요청에 대한 응답으로는 303 See Other를 사용하여 GET으로 강제 변환 const response = NextResponse.redirect(new URL(redirectPath, baseUrl), 303) + // NEXTAUTH_URL이 HTTPS인 경우에만 secure 쿠키 사용 + const isHttps = baseUrl.startsWith('https://'); + response.cookies.set(cookieName, encodedToken, { httpOnly: true, - secure: process.env.NODE_ENV === 'production', + secure: isHttps, sameSite: 'lax', path: '/', maxAge: 30 * 24 * 60 * 60 // 30일 |
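Review bot: With NEXTAUTH_URL unset or not starting with `https://`, getSessionCookieName now silently returns the unprefixed name even under NODE_ENV=production, where the removed line always chose `__Secure-`; a production deployment with a missing or mistyped NEXTAUTH_URL therefore loses the prefix with no signal. I would make that downgrade visible before the return, e.g. `if (process.env.NODE_ENV === 'production' && !isHttps) console.warn('NEXTAUTH_URL is not https://; session cookie will be issued without the __Secure- prefix');`. The name also has to match what NextAuth itself reads: NextAuth derives its secure-cookie choice from NEXTAUTH_URL in the same way, but a `useSecureCookies` or custom `cookies.sessionToken.name` entry in the NextAuth options (not visible here) would make the two disagree, so the function deserves a comment stating that it mirrors NextAuth's rule and must be kept in sync with those options. The hunk's leading context line belongs to createNextAuthToken, whose body starts outside the hunk.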
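Review bot: The new `secure` value is derived from `baseUrl`, while the cookie name it is paired with, `cookieName`, is presumably the NEXTAUTH_URL-based value from getSessionCookieName; the added comment even says NEXTAUTH_URL but the code checks baseUrl. Both `baseUrl` and `cookieName` are computed outside the hunk, so if baseUrl can come from anything other than NEXTAUTH_URL (request headers, a proxy-facing URL), the route can emit a `__Secure-`-prefixed name without the `secure` attribute, which browsers reject under the cookie-prefix rules, leaving the user with no session after a successful SAML login. Derive both from the same input: `const isHttps = (process.env.NEXTAUTH_URL ?? '').startsWith('https://');`, or better, export one `useSecureCookies()` helper from provider.ts and use it for both the name and the attribute. The POST handler continues past the end of the hunk.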
