fix: lates

app/auth/login/route.ts

@@ -2,6 +2,9 @@ import { NextRequest, NextResponse } from "next/server";
 
 import {
   SESSION_COOKIE,
+  SESSION_COOKIE_SECURE_ENV,
+  getSessionCookieDomain,
+  getSessionTtlSeconds,
   UserRole,
   canAccessPath,
   authenticateUser,
@@ -58,7 +61,7 @@ function maskEmail(email: string) {
 }
 
 function shouldUseSecureCookies(request: NextRequest) {
-  const explicit = process.env.COOKIE_SECURE?.toLowerCase() ?? "";
+  const explicit = SESSION_COOKIE_SECURE_ENV;
   if (explicit === "true" || explicit === "1") {
     return true;
   }
@@ -193,6 +196,7 @@ export async function POST(request: NextRequest) {
     sameSite: "lax",
     secure: shouldUseSecureCookies(request),
     path: "/",
+    domain: getSessionCookieDomain(),
     maxAge: sessionMaxAgeSeconds
   });
   if (AUTH_DEBUG) {
@@ -200,6 +204,7 @@ export async function POST(request: NextRequest) {
       userId: session.userId,
       role: session.role,
       sessionExpiresAt: session.expiresAt,
+      sessionMaxAgeFromEnv: getSessionTtlSeconds(),
       maxAge: sessionMaxAgeSeconds,
       host: request.headers.get("host") || "unknown",
       protocol: request.nextUrl.protocol,