Why is Next-Auth creating two tokens in the browser?

I am using Next Auth with only 1 provider, Azure AD. Usually, Next-Auth will create a session token (__Secure-next-auth.session-token) that I can send to my backend and decode for authentication.

Recently this token disappeared and in its place there are now two tokens:

  • __Secure-next-auth.session-token.0
  • __Secure-next-auth.session-token.1

Neither of these tokens is a properly formatted JWT that my backend can decode.

What are these new tokens and how can I get the old one back?


route.ts

import NextAuth from "next-auth"
import AzureADProvider from "next-auth/providers/azure-ad"
    
const providers = [
    AzureADProvider({
        clientId: process.env.AZURE_AD_CLIENT_ID || '',
        clientSecret: process.env.AZURE_AD_CLIENT_SECRET || '',
        tenantId: process.env.AZURE_AD_TENANT_ID,
    }),

]

export const authOptions = {
    providers: providers
}

const handler = NextAuth(authOptions)

export { handler as GET, handler as POST }
Collate answered 24/4 at 13:40 Comment(0)

From the docs:

Cookies in NextAuth.js are chunked by default, meaning that once they reach the 4kb limit, we will create a new cookie with the .{number} suffix and reassemble the cookies in the correct order when parsing / reading them. This was introduced to avoid size constraints which can occur when users want to store additional data in their sessionToken, for example.

If you concatenate both tokens, you should get the complete token.

Prather answered 30/4 at 1:14 Comment(0)
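
The reassembly described in the answer above, written for a backend that receives the raw Cookie header. This is an added example, not part of the original answer and not NextAuth's own code; the function names and the sample header are constructed for illustration. Chunks are ordered by numeric suffix, and a missing chunk yields no token rather than a partial one.

```javascript
// Base cookie name as given in the question.
const BASE_NAME = "__Secure-next-auth.session-token";

// Parse a raw Cookie request header into a Map of name -> value.
function parseCookieHeader(header) {
  const cookies = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // skip malformed pairs
    // Split on the first "=" only, so "=" inside the value is preserved.
    cookies.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return cookies;
}

// Return the complete session token, or null if it is absent or incomplete.
function reassembleSessionToken(header, baseName = BASE_NAME) {
  const cookies = parseCookieHeader(header);
  // Unchunked case: the single cookie the question originally saw.
  // Assumption of this example: if it is present, it is used as-is.
  if (cookies.has(baseName)) return cookies.get(baseName);

  const chunks = [];
  for (const [name, value] of cookies) {
    if (!name.startsWith(baseName + ".")) continue;
    const suffix = name.slice(baseName.length + 1);
    if (!/^\d+$/.test(suffix)) continue; // only ".{number}" suffixes
    chunks.push([Number(suffix), value]);
  }
  if (chunks.length === 0) return null;

  // Sort numerically: a string sort would place ".10" before ".2".
  chunks.sort((a, b) => a[0] - b[0]);
  // Require indices 0..n-1 with no gap; never hand a partial token to a decoder.
  for (let i = 0; i < chunks.length; i++) {
    if (chunks[i][0] !== i) return null;
  }
  return chunks.map(([, value]) => value).join("");
}

// Constructed sample header: chunks arrive out of order next to another cookie.
const sampleHeader =
  "theme=dark; " + BASE_NAME + ".1=cccc.dddd.eeee; " + BASE_NAME + ".0=aaaa.bbbb.";
console.log(reassembleSessionToken(sampleHeader)); // full token, chunks joined in order
```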
