From 71ac76bc7232b07bd61b137b00fc4f0989c6ebf6 Mon Sep 17 00:00:00 2001
From: taogaetz <59668529+taogaetz@users.noreply.github.com>
Date: Wed, 3 Sep 2025 12:26:07 -0400
Subject: [PATCH] update cookies to work on mobile safari
---
 src/routes/chef-access/+page.server.ts | 4 +++-
 src/routes/logout/+server.ts | 7 +++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/routes/chef-access/+page.server.ts b/src/routes/chef-access/+page.server.ts
index f88e470..57fdc8d 100644
--- a/src/routes/chef-access/+page.server.ts
+++ b/src/routes/chef-access/+page.server.ts
@@ -2,6 +2,7 @@ import type { PageServerLoad } from './$types';
 import { validateMagicLinkToken } from '$lib/auth';
 import { redirect } from '@sveltejs/kit';
 import { MAGIC_LINK_TOKEN } from '$env/static/private';
+import { dev } from '$app/environment';
 export const load: PageServerLoad = async ({ url, cookies }) => {
 const token = url.searchParams.get('token');
@@ -21,7 +22,8 @@ export const load: PageServerLoad = async ({ url, cookies }) => {
 cookies.set('chef_bible_auth', 'authenticated', {
 path: '/',
 httpOnly: true,
- sameSite: 'strict',
+ sameSite: 'lax', // Changed from 'strict' to 'lax' for mobile Safari compatibility
+ secure: !dev, // Secure in production, not secure in development
 maxAge: 30 * 24 * 60 * 60 // 30 days in seconds
 });
diff --git a/src/routes/logout/+server.ts b/src/routes/logout/+server.ts
index 0d31fc5..c431668 100644
--- a/src/routes/logout/+server.ts
+++ b/src/routes/logout/+server.ts
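Review bot: In the `@@ -21,7 +22,8 @@` hunk of `src/routes/chef-access/+page.server.ts`, the session cookie is still written as the fixed string `'authenticated'`, so the cookie attributes adjusted here are the only protection it has. If the server-side check (not visible in this patch) only compares the cookie against that literal, the value can be produced without ever holding the magic-link token, and it stays valid for the full 30 days. I would issue an unguessable per-login value instead, either a random session id looked up server-side or an HMAC-signed payload, and verify it on every request. Moving to `sameSite: 'lax'` also means the cookie now accompanies cross-site top-level GET navigations, so every GET `load` or handler behind it should be side-effect free. The body of `load` continues outside the hunk.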
@@ -1,12 +1,14 @@
 import type { RequestHandler } from './$types';
 import { redirect } from '@sveltejs/kit';
+import { dev } from '$app/environment';
 export const POST: RequestHandler = async ({ cookies }) => {
 // Clear the authentication cookie using the new API
 cookies.set('chef_bible_auth', '', {
 path: '/',
 httpOnly: true,
- sameSite: 'strict',
+ sameSite: 'lax', // Changed from 'strict' to 'lax' for mobile Safari compatibility
+ secure: !dev, // Secure in production, not secure in development
 maxAge: 0 // Expire immediately
 });
@@ -19,7 +21,8 @@ export const GET: RequestHandler = async ({ cookies }) => {
 cookies.set('chef_bible_auth', '', {
 path: '/',
 httpOnly: true,
- sameSite: 'strict',
+ sameSite: 'lax', // Changed from 'strict' to 'lax' for mobile Safari compatibility
+ secure: !dev, // Secure in production, not secure in development
 maxAge: 0 // Expire immediately
 });
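Review bot: The cookie attributes for `chef_bible_auth` are now spelled out by hand in three places: the login `load`, this `POST` handler, and the `GET` handler in the `@@ -19,7 +21,8 @@` hunk. They can drift apart on the next change, and a clearing cookie whose `path` differs from the one set at login would leave the session cookie in place. I would define the options once in a shared module (constructed name: `export const AUTH_COOKIE_OPTIONS = { path: '/', httpOnly: true, sameSite: 'lax', secure: !dev } as const;`) and clear with `cookies.delete('chef_bible_auth', AUTH_COOKIE_OPTIONS)`. The inline comment `// Changed from 'strict' to 'lax' …` records history that belongs in the commit message. A comment stating the current reason would age better, for example `// 'lax': cookie must be sent on the navigation that follows opening the magic link from another app`, if that is indeed the Safari behaviour being worked around.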
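Review bot: The `GET` handler in the `@@ -19,7 +21,8 @@` hunk still clears the session cookie, which is a state change on a safe method. Any cross-site link or a link prefetcher or mail scanner requesting the logout URL will end the user's session, and `sameSite` does not help because clearing the cookie does not depend on the cookie being sent. I would keep the logout action on `POST` only and have `GET` respond with a plain redirect or a 405 without touching cookies. The handler body continues outside the hunk, so the redirect target is not visible here.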