July 17th, 2025
Fix(auth): migrate to modern Supabase SSR cookie/session methods, resolve all auth/session issues that could lead to random logouts.
Migrated all API/auth/middleware to use Supabase SSR getAll/setAll cookie methods
Ensured secure cookie options (httpOnly, secure, sameSite, path) everywhere
Fixed PKCE OAuth flow: code_verifier cookie is now reliably stored/retrieved
Magic link login bug fixed (no longer requires unused 'type' field)
Default redirect to /dashboard after login if no next param
Removed all legacy/unused Supabase client code
No deprecated cookie methods or TODOs remain
Codebase is now robust, secure, and production-ready for authentication
BREAKING CHANGE: Legacy Supabase client/server utils removed, all routes must use new SSR cookie API