Allow setting custom cookie name instead of "authjs"

[paramaggarwal]

☕️ Reasoning

Currently the cookie is always authjs by default - this exposes the implementation detail of the cookie and advanced usecases should allow customising the name of the cookie to prevent malicious users from introspecting implementation details of the authentication mechanism used by a particular website.

🧢 Checklist

• [x] Documentation
• [x] Tests
• [x] Ready to be merged

📌 Resources

• Security guidelines
• Contributing guidelines
• Code of conduct
• Contributing to Open Source

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
auth-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Nov 8, 2024 3:39am

1 Skipped Deployment

| Name | Status | Preview | Comments | Updated (UTC) | | :--- | :----- | :------ | :------- | :------ | | **next-auth-docs** | ⬜️ Ignored ([Inspect](https://vercel.com/authjs/next-auth-docs/4SjELjngCyPTP4VwGYcsfGkqzgoR)) | [Visit Preview](https://next-auth-docs-git-fork-paramaggarwal-patch-2-authjs.vercel.app) | | Nov 8, 2024 3:39am |

[vercel[bot]]

@paramaggarwal is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

[balazsorban44]

Thanks, but this is already possible via the config.cookies option, we could rather improve its documentation. See: https://authjs.dev/reference/core#cookies and https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/index.ts/#L585-L599

[paramaggarwal]

Thanks, I'm aware of the config.cookies option - but it requires overriding every single cookie name separately and also handle the __Secure or __Host prefix addition when needed. My goal was to give a simple setting that allowed one to update just the main authjs part of the cookie name. This would be the most common usecase if you think about it.

We could also move my suggestion inside the config.cookies setting as config.cookies.name?