Delete the user's auth cookie if it's missing or invalid (#131)

KittyCAD · Apr 2, 2024 · d29fa37 · d29fa37
1 parent cf66900
commit d29fa37
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
@@ -29,7 +29,11 @@ export const handle = async ({ event, resolve }) => {
 		})
 		.then((res) => res.json())
 		.catch((e) => {
-			throw error(500, e)
+			// If the user had a token but there was an error fetching the user,
+			//delete the token, because it was likely revoked or expired
+			console.error('Error fetching user:', e)
+			event.cookies.delete(AUTH_COOKIE_NAME, { domain, path: '/' })
+			throw redirect(303, '/')
 		})
 
 	if (!currentUser) {