diff --git a/src/lib/supabase/client.tsx b/src/lib/supabase/client.tsx index 5dd8528..565c725 100644 --- a/src/lib/supabase/client.tsx +++ b/src/lib/supabase/client.tsx @@ -17,7 +17,12 @@ export function createClient() { setAll(cookiesToSet: Array<{ name: string; value: string; options?: any }>) { if (typeof document === 'undefined') return; cookiesToSet.forEach(({ name, value, options }) => { - let cookieString = `${name}=${encodeURIComponent(value)}; Path=${options?.path || '/'}; Secure; SameSite=None`; + // Match server-side cookie attributes. Server uses Next.js + // cookies().set(), which defaults to SameSite=Lax with no + // Secure flag. Writing the same cookie name with different + // SameSite/Secure from JS produces conflicting state in the + // browser cookie store and breaks AuthContext on /contributor. + let cookieString = `${name}=${encodeURIComponent(value)}; Path=${options?.path || '/'}; SameSite=Lax`; if (options?.maxAge) cookieString += `; max-age=${options.maxAge}`; if (options?.domain) cookieString += `; domain=${options.domain}`; if (options?.expires) cookieString += `; expires=${options.expires}`;