fix(api): adjust levels for cookie related logs (#59946)

api/src/plugins/cookie-update.ts

@@ -33,7 +33,7 @@ export const cookieUpdate: FastifyPluginCallback<Options> = (
       void reply.setCookie(cookie, raw, options.attributes);
     }
 
-    logger.debug('Updated cookies for user.');
+    logger.trace(`Updated cookies for user ${request.user?.id}.`);
 
     next();
   });

api/src/plugins/cookies.ts

@@ -73,7 +73,7 @@ const cookies: FastifyPluginCallback = (fastify, _options, done) => {
     void this.clearCookie(CSRF_SECRET_COOKIE);
     void this.clearCookie(CSRF_COOKIE);
 
-    logger.debug('Clearing cookies for user.');
+    logger.trace('Clearing cookies for user.');
   });
 
   done();

api/src/plugins/csrf.ts

@@ -23,7 +23,7 @@ const csrf: FastifyPluginCallback = (fastify, _options, done) => {
     // tokens since we know we can provide this one
     getToken: req => req.headers[CSRF_HEADER] as string,
     cookieOpts: { signed: false, sameSite: 'strict' },
-    logLevel: 'debug'
+    logLevel: 'debug' // TODO: change to trace
   });
 
   // All routes except signout should add a CSRF token to the response
@@ -32,7 +32,7 @@ const csrf: FastifyPluginCallback = (fastify, _options, done) => {
     const isSignout = req.url === '/signout' || req.url === '/signout/';
 
     if (!isSignout) {
-      logger.debug('Adding CSRF token to response');
+      logger.trace('Adding CSRF token to response');
       const token = reply.generateCsrf();
       void reply.setCookie(CSRF_COOKIE, token, {
         sameSite: 'strict',