🐛 Only migrate legacy token if nextauth token doesn’t exist

apps/web/src/middleware.ts

@@ -42,27 +42,30 @@ export default withAuth(
 
     const res = NextResponse.rewrite(newUrl);
 
-    /**
+    if (!req.nextauth.token) {
-     * We moved from a bespoke session implementation to next-auth.
+      /**
-     * This middleware looks for the old session cookie and moves it to
+       * We moved from a bespoke session implementation to next-auth.
-     * a temporary cookie accessible to the client which will exchange it
+       * This middleware looks for the old session cookie and moves it to
-     * for a new session token with the legacy-token provider.
+       * a temporary cookie accessible to the client which will exchange it
-     */
+       * for a new session token with the legacy-token provider.
-    const legacyToken = req.cookies.get("rallly-session");
+       */
-    if (legacyToken) {
+      const legacyToken = req.cookies.get("rallly-session");
-      // delete old cookie
+      if (legacyToken) {
-      res.cookies.delete("rallly-session");
+        // delete old cookie
-      // make sure old cookie isn't expired
+        res.cookies.delete("rallly-session");
-      const payload = await unsealData(legacyToken.value, {
+        // make sure old cookie isn't expired
-        password: process.env.SECRET_PASSWORD,
+        const payload = await unsealData(legacyToken.value, {
-      });
+          password: process.env.SECRET_PASSWORD,
-      // if it's not expired, write it to a new cookie that we
-      // can read from the client
-      if (Object.keys(payload).length > 0) {
-        res.cookies.set({
-          name: "legacy-token",
-          value: legacyToken.value,
         });
+        // if it's not expired, write it to a new cookie that we
+        // can read from the client
+        if (Object.keys(payload).length > 0) {
+          res.cookies.set({
+            name: "legacy-token",
+            value: legacyToken.value,
+            httpOnly: false,
+          });
+        }
       }
     }