Refactor session encryption variable names for consistency

- Changed `NUXT_SESSION_SECRET` to `NUXT_SESSION_PASSWORD` across configuration files and documentation to align with the usage in nuxt-auth-utils.
- Updated related comments and documentation to reflect the new variable name, ensuring clarity for developers and users.

.env.example

@@ -35,7 +35,8 @@ REDIS_PASSWORD=
 # SESSION ENCRYPTION (nuxt-auth-utils)
 # ==============================================
 # Generate with: openssl rand -hex 32
-NUXT_SESSION_SECRET=generate-with-openssl-rand-hex-32
+# This variable is automatically used by nuxt-auth-utils for session encryption
+NUXT_SESSION_PASSWORD=generate-with-openssl-rand-hex-32
 
 # ==============================================
 # CIDAAS (OAuth2/OIDC Authentication)

docs/ARCHITECTURE.md

@@ -1323,7 +1323,7 @@ CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 NUXT_SESSION_PASSWORD=<64-char-hex-secret>
 ```
 
-**Cidaas Admin Panel Setup:**
+**Cidaas Admin Panel Setup:**
 
 1. Create OAuth2 application in Cidaas
 2. Configure Grant Types: `authorization_code`, `refresh_token`

docs/CIDAAS_INTEGRATION.md

@@ -221,7 +221,7 @@ CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback  # Dev
 # CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback  # Production
 
 # Session Encryption Secret (generate with: openssl rand -hex 32)
-NUXT_SESSION_SECRET=your-64-character-hex-secret-here
+NUXT_SESSION_PASSWORD=your-64-character-hex-secret-here
 ```
 
 **Erstelle `.env.example`** (für Git - ohne echte Secrets):
@@ -237,7 +237,7 @@ CIDAAS_TOKEN_URL=https://experimenta.cidaas.de/token-srv/token
 CIDAAS_USERINFO_URL=https://experimenta.cidaas.de/users-srv/userinfo
 CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback
-NUXT_SESSION_SECRET=generate-with-openssl-rand-hex-32
+NUXT_SESSION_PASSWORD=generate-with-openssl-rand-hex-32
 ```
 
 **Session Secret generieren:**
@@ -276,10 +276,10 @@ export default defineNuxtConfig({
     },
 
     // Session configuration
+    // Note: nuxt-auth-utils automatically reads NUXT_SESSION_PASSWORD from process.env
     session: {
       maxAge: 60 * 60 * 24 * 30, // 30 days in seconds
       name: 'experimenta-session',
-      password: process.env.NUXT_SESSION_SECRET,
     },
 
     // Public keys (auch Client-seitig verfügbar)
@@ -2295,7 +2295,7 @@ CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback
 
 # Generate new secret for production!
-NUXT_SESSION_SECRET=<64-char-hex-secret>
+NUXT_SESSION_PASSWORD=<64-char-hex-secret>
 
 NODE_ENV=production
 ```
@@ -2316,7 +2316,7 @@ services:
     environment:
       - CIDAAS_CLIENT_ID=/run/secrets/cidaas_client_id
       - CIDAAS_CLIENT_SECRET=/run/secrets/cidaas_client_secret
-      - NUXT_SESSION_SECRET=/run/secrets/session_secret
+      - NUXT_SESSION_PASSWORD=/run/secrets/session_secret
 
 secrets:
   cidaas_client_id:

docs/TESTING.md

@@ -218,7 +218,7 @@ test:
 **Problem:** Session-related tests fail unexpectedly
 
 **Solutions:**
-1. Verify `NUXT_SESSION_SECRET` is set in `.env`
+1. Verify `NUXT_SESSION_PASSWORD` is set in `.env`
 2. Clear Redis cache: `docker-compose -f docker-compose.dev.yml restart redis`
 3. Check session expiration settings in `nuxt.config.ts`
 

nuxt.config.ts

@@ -69,10 +69,10 @@ export default defineNuxtConfig({
     },
 
     // Session configuration
+    // Note: nuxt-auth-utils automatically reads NUXT_SESSION_PASSWORD from process.env
     session: {
       maxAge: 60 * 60 * 24 * 30, // 30 days in seconds
       name: 'experimenta-session',
-      password: process.env.NUXT_SESSION_SECRET || '',
     },
 
     // Test credentials (for automated testing only)