# Instructions to Fix Site Authentication

## The Problem
The `NEXTAUTH_SECRET` was changed, causing old session cookies to be invalid. This prevents users from logging in.

## Solutions

### Quick Fix (For Users)
1. **Clear your browser cookies** for the site
2. **Open in Incognito/Private mode**
3. Try to access the site again

### Permanent Fix (For Server)

You can create an API endpoint to clear all sessions:

1. Create file: `src/pages/api/clear-sessions.ts`
2. Add this code:

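```typescript
import { prisma } from '@/lib/prisma';
import type { NextApiRequest, NextApiResponse } from 'next';

// Deletes every stored session and verification token.
// Note: nothing in this handler checks who the caller is, so any client
// that can reach the route can sign all users out.
export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse
) {
  // Only POST is accepted for this state-changing operation
  if (req.method !== 'POST') {
    return res.status(405).json({ message: 'Method not allowed' });
  }

  try {
    // Remove all session rows and all pending verification tokens
    await prisma.session.deleteMany({});
    await prisma.verificationToken.deleteMany({});

    return res.status(200).json({
      message: 'All sessions cleared successfully'
    });
  } catch (error) {
    // Log the detail server-side; return only a generic message
    console.error('Error clearing sessions:', error);
    return res.status(500).json({ message: 'Failed to clear sessions' });
  }
}
```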

3. Call: `POST /api/clear-sessions`
4. Restart server
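
An added example, not part of the original instructions: the handler above runs its deletes for any caller that sends a POST, so one way to gate it is a bearer token compared in constant time before the delete step. `authorize`, `handleClearSessions` and the `CLEAR_SESSIONS_TOKEN` variable are hypothetical names, and the `clearAll` callback stands in for the two `deleteMany` calls.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical names throughout: this guard is not part of NextAuth or Prisma.
type Result = { status: number; message: string };

// Hash both values so timingSafeEqual always receives equal-length buffers.
function sameSecret(a: string, b: string): boolean {
  const ha = createHash("sha256").update(a).digest();
  const hb = createHash("sha256").update(b).digest();
  return timingSafeEqual(ha, hb);
}

// Decide whether a request may clear sessions. `expected` would come from
// an environment variable such as CLEAR_SESSIONS_TOKEN (assumed name).
function authorize(
  method: string | undefined,
  authHeader: string | undefined,
  expected: string | undefined
): Result {
  if (method !== "POST") return { status: 405, message: "Method not allowed" };
  // Fail closed: with no token configured the endpoint stays disabled.
  if (!expected) return { status: 503, message: "Endpoint disabled" };
  const header = authHeader ?? "";
  if (!header.startsWith("Bearer ") || !sameSecret(header.slice(7), expected)) {
    return { status: 401, message: "Unauthorized" };
  }
  return { status: 200, message: "Authorized" };
}

// Runs the destructive step only after authorize() passes.
async function handleClearSessions(
  req: { method?: string; headers: { authorization?: string } },
  expected: string | undefined,
  clearAll: () => Promise<void>
): Promise<Result> {
  const verdict = authorize(req.method, req.headers.authorization, expected);
  if (verdict.status !== 200) return verdict;
  try {
    await clearAll();
    return { status: 200, message: "All sessions cleared successfully" };
  } catch {
    return { status: 500, message: "Failed to clear sessions" };
  }
}
```

In the Next.js route, `authorize(req.method, req.headers.authorization, process.env.CLEAR_SESSIONS_TOKEN)` would run before the two `deleteMany` calls.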

### Better Fix - Update NEXTAUTH_SECRET Handling

Update `src/lib/auth.ts` to handle secret changes gracefully:

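```typescript
// Fragment: add at line 68-75 (in session callback).
// Assumes `error` and `res` are in scope at that point; NextAuth's
// `session` callback does not receive them as arguments.
if (error?.message?.includes('decryption')) {
  // The cookie cannot be decrypted with the current secret:
  // send the user to the login page to obtain a fresh session
  return res.redirect('/auth/login');
}
```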

### Production Fix
1. Set the same `NEXTAUTH_SECRET` value in `.env` and `.env.production`
2. Consider using a secret manager
3. Document secret changes and require cookie clearing

## Current Working Status
✅ Server is running
✅ Database accessible  
✅ Static files loading
❌ Auth failing due to old cookies

## Immediate Action
Clear browser cookies and try again, or restart the server with a fresh `NEXTAUTH_SECRET`.

