Await deleting the auth cookie #1305
Conversation
This fixes the signout route not actually deleting the auth cookie.
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a bug in the signout route where the auth cookie was not being properly deleted due to missing await keyword. The fix ensures the asynchronous cookie deletion operation completes before proceeding with the signout process.
- Add
awaitkeyword todeleteAuthCookie()call in signout route handler - Ensures compatibility with Next.js versions > 15 where cookie operations are asynchronous
| @@ -614,7 +614,7 @@ export abstract class NextAuth extends NextAuthHelpers { | |||
| `'onSignout' auth route handler not configured`, | |||
| ); | |||
| } | |||
| this.deleteAuthCookie(); | |||
| await this.deleteAuthCookie(); | |||
There was a problem hiding this comment.
The fix correctly adds await to the asynchronous deleteAuthCookie() call. However, this change should also verify that the containing function is properly declared as async. If the parent function is not async, this will cause a syntax error.
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
Yeah, deleteAuthCookie is indeed async:
gel-js/packages/auth-nextjs/src/shared.ts
Line 148 in be91c70
This fixes the signout route not actually deleting the auth cookie. In newer versions of Next.js, getting the cookie store is async, so this used to work, but when we fixed support for async cookies in Next.js > 15, we missed this one callsite.