Help with NextAuth middleware page protection!

[burstWizard]

Hi, I'm integrating nextauth into my web app, and ran into trouble with page protection using middleware. I have, at my root, a middleware.js file that contains:

export { default } from "next-auth/middleware"
export const config = { matcher: ["/student/account"] }

as per [https://next-auth.js.org/configuration/nextjs#middleware]

I've also setup the NEXTAUTH_SECRET environment variable with a string generated using openssl.

When I try to access /student/account, it redirects me to the login page. However, it does this even when I am logged in. I know that the user is logged in properly because non-protected pages are accessing and using user data just fine.

What can I be doing wrong? My code follows what the docs say to do.