Unable to get session in NextAuth middleware when deployed to Netlify

Malfunctioning part of the middleware:

callbacks: {
    async authorized({ token, req }) {
        // Route protection
        const session = await getToken({
            req,
            secret: process.env.NEXTAUTH_SECRET
        })
        const pathname = req.nextUrl.pathname
        const isAuth = !!token

        const notSensitiveRoutes = ['/', '/pricing', '/api/auth/signin', '/api/auth/callback/credentials', '/api/auth/session']

        console.log(token)
        console.log(session)
        console.log(req.cookies)

        if (!isAuth && !notSensitiveRoutes.some((route) => (pathname === route)) && pathname.startsWith('/api')) {
            return false
        } else if (!isAuth && !notSensitiveRoutes.some((route) => (pathname === route))) {
            return false
        }
        return true
    }
}

Everything works perfectly when using netlify dev: token and session are valid objects containing all information. After deploying, getToken returns null and the token received as a function argument is also null (after logging in, of course). The only difference between dev and production that I noticed is the cookie name: next-auth.session-token in dev and __Secure-next-auth.session-token in production, but I don’t know if it makes any difference.

Also, if I add raw: true to getToken:

const session = await getToken({
    req,
    secret: process.env.NEXTAUTH_SECRET,
    raw: true
})

session is still null.

I don’t know if it will be useful, but here is the Netlify site name: https://snazzy-jalebi-fb75cc.netlify.app/
Because of this behavior I can’t access any of the protected routes. Also, there are no error messages in the functions, edge functions or build logs.

I’ve been googling and debugging for the past 2 days and found nothing so I would really appreciate any help : )

After some further research it turned out that it was indeed a problem with the cookie name, and changing the code to the following solved the issue.

const session = await getToken({
    req,
    secret: process.env.NEXTAUTH_SECRET,
    cookieName: process.env.NODE_ENV === 'production'
        ? '__Secure-next-auth.session-token'
        : 'next-auth.session-token'
})

I will leave it here in case anyone else encounters this issue. Also, if anyone knows a better solution, I would appreciate it if you shared it.

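A scheme-based alternative to the NODE_ENV check in the post above, added here as an example and not code from the thread or from next-auth: it picks the cookie name from whether the request arrived over HTTPS (browsers only accept `__Secure-` cookies over HTTPS) and reports when only the other variant was sent, which is the situation that produced the null token. `resolveSessionCookie`, its return shape and the sample headers are assumptions; the `.0`, `.1` suffix handling covers the chunks next-auth v4 writes when a session cookie is too large for one cookie.

```javascript
// Added example: pure helper, no next-auth import. Names are hypothetical.
const BASE = 'next-auth.session-token';   // name used over plain HTTP
const SECURE = '__Secure-' + BASE;        // name used over HTTPS

// Extract cookie names from a raw Cookie request header.
function cookieNames(cookieHeader) {
  return (cookieHeader || '')
    .split(';')
    .map((pair) => pair.trim().split('=')[0])
    .filter(Boolean);
}

// True for "<base>" itself or a chunk "<base>.<n>" of a split session cookie.
function matches(name, base) {
  if (name === base) return true;
  return name.startsWith(base + '.') && /^\d+$/.test(name.slice(base.length + 1));
}

// Choose the name from the request scheme, never from what the client sent:
// over HTTPS only the prefixed cookie is accepted, so an unprefixed cookie
// written from a non-secure origin is ignored rather than used as a fallback.
function resolveSessionCookie(cookieHeader, isHttps) {
  const cookieName = isHttps ? SECURE : BASE;
  const other = isHttps ? BASE : SECURE;
  const names = cookieNames(cookieHeader);
  return {
    cookieName,
    present: names.some((n) => matches(n, cookieName)),
    mismatched: names.some((n) => matches(n, other)),
  };
}

// Constructed sample headers.
const prodHeader = '__Secure-next-auth.session-token=abc; theme=dark';
const devHeader = 'next-auth.session-token=abc';
console.log(resolveSessionCookie(prodHeader, true));   // prefixed name, present
console.log(resolveSessionCookie(prodHeader, false));  // wrong name: mismatched
console.log(resolveSessionCookie(devHeader, false));   // plain name, present
```

In middleware this would be called with `req.headers.get('cookie')` and `req.nextUrl.protocol === 'https:'` (assuming the platform reports the public scheme there), passing the returned `cookieName` to `getToken`. `getToken` also accepts a `secureCookie` boolean that selects the prefixed name.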

Damn, thanks, this helped me a lot.

glad to hear this helped!


Hi, where do I get this bit of code? I’m using next auth with MUI’s toolpad and don’t have this piece of code in their example project.

Thank you so much! I was stuck looking for a solution everywhere.