From 6328a8d0d3a668a8c52d8201b13ec8d2fa38289a Mon Sep 17 00:00:00 2001
From: le king fu <lekingfu@protonmail.com>
Date: Tue, 7 Apr 2026 08:56:21 -0400
Subject: [PATCH] fix: correct Logto session cookie prefix in middleware

Cookie is named `logto_<appId>` not `logto:<appId>`.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 web/src/middleware.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/middleware.ts b/web/src/middleware.ts
index 6e933bb..36b70dc 100644
--- a/web/src/middleware.ts
+++ b/web/src/middleware.ts
@@ -10,9 +10,9 @@ export function middleware(request: NextRequest) {
   }
 
   // Protected routes: check for Logto session cookie
-  // The Logto SDK stores session data in a cookie named `logto:<appId>`
+  // The Logto SDK stores session data in a cookie named `logto_<appId>`
   const hasSession = request.cookies.getAll().some(
-    (cookie) => cookie.name.startsWith('logto:')
+    (cookie) => cookie.name.startsWith('logto_')
   );
 
   if (!hasSession && !pathname.startsWith('/auth')) {