diff --git a/src/module.ts b/src/module.ts index 99dbd418..cadb7b12 100644 --- a/src/module.ts +++ b/src/module.ts @@ -135,7 +135,7 @@ export default defineNuxtModule({ runtimeConfig.session = defu(runtimeConfig.session, { name: 'nuxt-session', - password: process.env[envSessionPassword] || '', + password: '', cookie: { sameSite: 'lax', }, @@ -146,7 +146,7 @@ export default defineNuxtModule({ }) // Generate the session password - if (nuxt.options.dev && !runtimeConfig.session.password) { + if (nuxt.options.dev && !process.env[envSessionPassword]) { runtimeConfig.session.password = randomUUID().replace(/-/g, '') // Add it to .env const envPath = join(nuxt.options.rootDir, '.env') diff --git a/src/runtime/server/utils/session.ts b/src/runtime/server/utils/session.ts index 49bc1459..7fc4ea15 100644 --- a/src/runtime/server/utils/session.ts +++ b/src/runtime/server/utils/session.ts @@ -112,6 +112,9 @@ function _useSession(event: UseSessionEvent, config: Partial = {} const envSessionPassword = `${runtimeConfig.nitro?.envPrefix || 'NUXT_'}SESSION_PASSWORD` sessionConfig = defu({ password: process.env[envSessionPassword] }, runtimeConfig.session) + if (!sessionConfig.password) { + console.error(`[nuxt-auth-utils] ${envSessionPassword} environment variable or runtimeConfig.session.password was not set.`) + } } const finalConfig = defu(config, sessionConfig) as SessionConfig return useSession(event, finalConfig)