diff --git a/src/routes/chef-access/+page.server.ts b/src/routes/chef-access/+page.server.ts
index f88e470..57fdc8d 100644
--- a/src/routes/chef-access/+page.server.ts
+++ b/src/routes/chef-access/+page.server.ts
@@ -2,6 +2,7 @@ import type { PageServerLoad } from './$types';
 import { validateMagicLinkToken } from '$lib/auth';
 import { redirect } from '@sveltejs/kit';
 import { MAGIC_LINK_TOKEN } from '$env/static/private';
+import { dev } from '$app/environment';
 export const load: PageServerLoad = async ({ url, cookies }) => {
 const token = url.searchParams.get('token');
@@ -21,7 +22,8 @@ export const load: PageServerLoad = async ({ url, cookies }) => {
 cookies.set('chef_bible_auth', 'authenticated', {
 path: '/',
 httpOnly: true,
- sameSite: 'strict',
+ sameSite: 'lax', // Changed from 'strict' to 'lax' for mobile Safari compatibility
+ secure: !dev, // Secure in production, not secure in development
 maxAge: 30 * 24 * 60 * 60 // 30 days in seconds
 });
diff --git a/src/routes/logout/+server.ts b/src/routes/logout/+server.ts
index 0d31fc5..c431668 100644
--- a/src/routes/logout/+server.ts
+++ b/src/routes/logout/+server.ts
@@ -1,12 +1,14 @@
 import type { RequestHandler } from './$types';
 import { redirect } from '@sveltejs/kit';
+import { dev } from '$app/environment';
 export const POST: RequestHandler = async ({ cookies }) => {
 // Clear the authentication cookie using the new API
 cookies.set('chef_bible_auth', '', {
 path: '/',
 httpOnly: true,
- sameSite: 'strict',
+ sameSite: 'lax', // Changed from 'strict' to 'lax' for mobile Safari compatibility
+ secure: !dev, // Secure in production, not secure in development
 maxAge: 0 // Expire immediately
 });
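Review bot: The `cookies.set('chef_bible_auth', 'authenticated', {` call in the second chef-access hunk stores a fixed string as the session value, so the attributes tuned here (`httpOnly`, `sameSite`, `secure`) guard a cookie that carries no secret. How the cookie is checked is outside this hunk, but if the guard only compares it with `'authenticated'`, the cookie proves nothing about who holds it, because the value is the same for everyone and is not bound to the magic-link check. Consider issuing an unguessable per-session value that the server stores or signs and then verifies, e.g. `cookies.set('chef_bible_auth', sessionId, {` where `sessionId` is a placeholder name for something like the result of `crypto.randomUUID()`. With `sameSite: 'lax'` the cookie is also sent on cross-site top-level GET navigations for its whole 30-day lifetime, so GET routes that rely on it should stay free of side effects. The inline comment would serve readers better if it gave the reason instead of the history, e.g. `// 'lax' so the cookie is sent when the app is opened from a link on another site` (wording to be confirmed against the actual Safari symptom).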
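Review bot: The cookie options literal is now written out three times (in this POST handler, in the GET handler's hunk that follows, and in chef-access/+page.server.ts), and clearing the cookie only takes effect while the name and `path` match what was used when it was set. SvelteKit's `cookies.delete('chef_bible_auth', { path: '/' })` would replace the `cookies.set(..., '', { ... maxAge: 0 })` block in both handlers, so the clearing side no longer has to mirror `sameSite` and `secure`. Note also that `cookies.set` already defaults to `sameSite: 'lax'` and to `secure: true` everywhere except http://localhost. `secure: !dev` therefore only changes behaviour for a production build previewed on plain-HTTP localhost and for a dev server run over HTTPS, which deserves a comment if intended, e.g. `// explicit: a production build always sets Secure, even when previewed on localhost`.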
@@ -19,7 +21,8 @@ export const GET: RequestHandler = async ({ cookies }) => {
 cookies.set('chef_bible_auth', '', {
 path: '/',
 httpOnly: true,
- sameSite: 'strict',
+ sameSite: 'lax', // Changed from 'strict' to 'lax' for mobile Safari compatibility
+ secure: !dev, // Secure in production, not secure in development
 maxAge: 0 // Expire immediately
 });
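Review bot: The GET handler clears the auth cookie in response to a plain navigation, so a link or redirect on any other site can end a user's session without their intent. The impact is limited to a forced sign-out. Now that the auth cookie is `lax`, though, it matters more that every GET route is free of side effects, and this one sets the opposite precedent. The usual remedy is to keep logout POST-only (the `POST` handler already exists in this file) or to have GET show a confirmation instead of clearing the cookie. If GET has to stay, a comment such as `// GET kept for plain-link logout; only clears the cookie, no other state change` would record the decision. The handler's body continues outside the hunk.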