From cb6d03458f03c292fabfdb142c4d3281e3c4cd2a Mon Sep 17 00:00:00 2001
From: monoid <qaswedfr55@gmail.com>
Date: Wed, 1 Oct 2025 01:40:35 +0900
Subject: [PATCH] fix: ensure access and refresh cookie values are strings
 before assignment

---
 packages/server/src/login.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/server/src/login.ts b/packages/server/src/login.ts
index 1b9aba6..5f1fc2e 100644
--- a/packages/server/src/login.ts
+++ b/packages/server/src/login.ts
@@ -127,8 +127,8 @@ async function authenticate(
 	const secretKey = setting.jwt_secretkey;
 	const accessCookie = cookie[accessTokenName];
 	const refreshCookie = cookie[refreshTokenName];
-	const accessValue = accessCookie?.value;
-	const refreshValue = refreshCookie?.value;
+	const accessValue = typeof accessCookie?.value === 'string' ? accessCookie.value : undefined;
+	const refreshValue = typeof refreshCookie?.value === 'string' ? refreshCookie.value : undefined;
 
 	const guestUser: PayloadInfo = {
 		username: "",