From cdb93a30a00ea608294baef9d6a85f3bfbbc5597 Mon Sep 17 00:00:00 2001
From: alma <alma@governance-labs.org>
Date: Sun, 4 Jan 2026 01:40:25 +0100
Subject: [PATCH] correction nextauth

---
 app/api/auth/options.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/api/auth/options.ts b/app/api/auth/options.ts
index ee6f390b..e181aa11 100644
--- a/app/api/auth/options.ts
+++ b/app/api/auth/options.ts
@@ -281,7 +281,7 @@ export const authOptions: NextAuthOptions = {
       return refreshedToken;
     },
     async session({ session, token }) {
-      // If session was invalidated or tokens are missing, throw error to trigger sign out
+      // If session was invalidated or tokens are missing, return null to sign out
       if (token.error === "SessionNotActive" || 
           token.error === "NoRefreshToken" ||
           !token.accessToken || 
@@ -292,9 +292,11 @@ export const authOptions: NextAuthOptions = {
           hasRefreshToken: !!token.refreshToken
         });
         
-        // Throw error to make NextAuth treat user as unauthenticated
+        // Return null to make NextAuth treat user as unauthenticated
         // This will trigger automatic redirect to sign-in page
-        throw new Error(token.error || "SessionInvalidated");
+        // The client-side code will detect session invalidation by checking for
+        // session cookie existence when status is unauthenticated
+        return null as any;
       }
       
       // For other errors, throw to trigger error handling