Next.js Discord

Receiving a 403 (forbidden) error from my Credentials Provider

Unanswered
Southern yellowjacket posted this in #help-forum
Southern yellowjacketOP
I am using next auth. Upon building the app it works fine, but after a few hours it starts giving me 403, even csrf of next auth returns 200

this is my code

12 Replies

You are trying to handle the expiry of your JWT tokens on your own. However, next-auth already does it for you. And you also already added it in your code:
session: {
  strategy: "jwt",
  maxAge: 30 * 24 * 60 * 60, // session lifetime in seconds (30 days)
  updateAge: 24 * 60 * 60, // refresh interval in seconds (24 hours)
},

So just remove your custom expiry logic and next-auth will do the rest for you.
Southern yellowjacketOP
Will this resolve the 403 issue on sign in and sign out that happens after I start the pm2 service?
That should be the case. In my head the issue right now is that the token expires too early and next-auth thinks that it's still there (as it's still here, just expired) and so does not redirect as expected.
Southern yellowjacketOP
I am confused. This issue only persists in production. I had it running perfectly on dev and local.
Southern yellowjacketOP
I've tested this
Some people are also doing weird stuff like this:
NEXTAUTH_SECRET=$(openssl rand -base64 64)

Instead of generating a new one every time, use a static one (pls dev & prod different ones)
Southern yellowjacketOP
Ok let me test this
Southern yellowjacketOP
This solution doesn't work either.
It’s pretty hard for me to determine the exact issue. If you can provide a repo that reproduces the issue, send it into this thread and we can have a look at it in detail and test stuff, while you are doing something else.
Southern yellowjacketOP
Actually this issue only persists in my production environment. It works fine in local and dev environments.
Then it’s impossible for us to help you out there without having a clear reproduction of the issue.
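
Added example (not part of the thread, and not next-auth's own code): a simplified model of a session cookie encrypted under a key derived from the configured secret, showing that a secret regenerated on each start, as in the `NEXTAUTH_SECRET=$(openssl rand -base64 64)` pattern mentioned above, leaves cookies issued before the restart unreadable, while a static secret does not. All function names, the HKDF label and the sample payload are assumptions made for illustration.

```javascript
// Simplified model of a secret-keyed session cookie. NOT next-auth's
// implementation; every name here is hypothetical.
const crypto = require("node:crypto");

// Derive a 32-byte key from the configured secret (HKDF-SHA256).
function deriveKey(secret) {
  return Buffer.from(crypto.hkdfSync("sha256", secret, "", "session-demo", 32));
}

// Encrypt a session payload with AES-256-GCM under the derived key.
function sealSession(payload, secret) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Returns the payload, or null when the cookie was sealed under another secret.
function openSession(cookie, secret) {
  const raw = Buffer.from(cookie, "base64url");
  if (raw.length < 28) return null; // too short to hold IV (12) + tag (16)
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(secret), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // authentication tag mismatch: wrong key or tampered cookie
  }
}

// Short fingerprint to compare the secret across processes without logging it.
function secretFingerprint(secret) {
  return crypto.createHash("sha256").update(secret).digest("hex").slice(0, 12);
}

// Constructed scenario: a cookie issued before a restart is read after it.
function simulateRestart(makeSecret) {
  const before = makeSecret();
  const cookie = sealSession({ sub: "user-1" }, before);
  const after = makeSecret(); // the value the restarted process sees
  return { session: openSession(cookie, after),
           sameSecret: secretFingerprint(before) === secretFingerprint(after) };
}

const rotating = () => crypto.randomBytes(64).toString("base64"); // new secret per start
const fixed = () => "constructed-static-secret-for-demo"; // constructed sample value
console.log(simulateRestart(rotating), simulateRestart(fixed));
```

Logging `secretFingerprint(process.env.NEXTAUTH_SECRET)` at startup in each process is one way to confirm that every pm2 instance and every restart sees the same value without exposing the secret itself.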