
I am trying to set a cookie via express with the following code snippet:

```javascript
return res.cookie('session', sessionCookie, options).status(200).json({ user });
```

where sessionCookie is a long string and options is an object as follows:

```javascript
const options = {
    maxAge: 86400 * 1000,
    httpOnly: true,
    secure: false,
    signed: true
};
```

I've configured CORS appropriately and have tried using both Postman and axios to generate requests. Postman shows no cookies in the response, and axios via the browser is the same.

No idea what I'm doing wrong; any help would be great, thanks.

`user` is just an object containing token values and whatnot.

EDIT: Here is all the server side code that is related.

```javascript
router.post('/auth/login', (req, res) => {
    const result = Joi.validate(
        { email: req.body.email, password: req.body.password },
        schema
    );
    if (result.error) {
        return res
            .status(400)
            .json({ message: result.error.details[0].message });
    }

    firebase
        .auth()
        .signInWithEmailAndPassword(req.body.email, req.body.password)
        .then(result => {
            const user = result.user;
            const expiresIn = 60 * 60 * 24 * 5 * 1000;

            firebase
                .auth()
                .currentUser.getIdToken(true)
                .then(idToken => {
                    admin
                        .auth()
                        .createSessionCookie(idToken, {
                            expiresIn,
                        })
                        .then(sessionCookie => {
                            const options = {
                                maxAge: 86400 * 1000,
                                httpOnly: false,
                                secure: false,
                                signed: true
                            };
                            return res.cookie('session', sessionCookie, options).status(200).json({ user });
                        })
                        .catch(err => console.log(err));
                });
        })
        .catch(err => {
            return res.status(403).json({ message: err.message });
        });
});
```
Nick
  • `res.cookie('session', 'session_cookie', { expires: new Date(Date.now() + 86400000), httpOnly: true });` Use `new Date(Date.now())`. You are also not returning a response; you just send it in the route. – ABC Apr 17 '19 at 00:35
  • Possible duplicate of [How to set cookie in node js using express framework?](https://stackoverflow.com/questions/16209145/how-to-set-cookie-in-node-js-using-express-framework) – ABC Apr 17 '19 at 00:41
  • `res.cookie()` sets a cookie into the headers waiting to be sent. It does NOT send the response. You need to do that also so that the response and headers are actually sent. How are you checking for the cookie later on such that you say it isn't there? You may need to show more of your relevant server code. – jfriend00 Apr 17 '19 at 00:42
  • The .json() at the end sends the response. – Nick Apr 17 '19 at 00:46

0 Answers
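What `signed: true` in the question's options puts into the `Set-Cookie` header, as an added example that is not part of the original post or of Express itself: it reimplements the signed-cookie format (`s:` prefix, HMAC-SHA256 signature) with Node's `crypto` only. The secret, the helper names and the sample cookie value are constructed for illustration.

```javascript
// Added example: signed-cookie format rebuilt with Node's crypto, no Express needed.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: stands in for the cookieParser(secret) value

// HMAC-SHA256 over the value, base64 with '=' padding stripped.
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value).digest('base64').replace(/=+$/, '');
}

// Value as carried by a signed cookie: "s:" + value + "." + signature.
function signCookieValue(value, secret) {
  return `s:${value}.${mac(value, secret)}`;
}

// Returns the original value, or false on missing prefix, tampering or wrong secret.
function unsignCookieValue(signed, secret) {
  if (typeof signed !== 'string' || !signed.startsWith('s:')) return false;
  const body = signed.slice(2);
  const dot = body.lastIndexOf('.'); // the value itself may contain dots
  if (dot < 0) return false;
  const value = body.slice(0, dot);
  const expected = Buffer.from(mac(value, secret));
  const given = Buffer.from(body.slice(dot + 1));
  // Constant-time comparison so the check does not leak how many bytes matched.
  return expected.length === given.length && crypto.timingSafeEqual(expected, given) ? value : false;
}

// Hypothetical helper: Set-Cookie header for options shaped like the question's (maxAge in ms).
function buildSetCookie(name, value, opts, secret) {
  // Express's res.cookie likewise throws when signed is set and no secret is configured.
  if (opts.signed && !secret) throw new Error('signed cookie requested but no secret configured');
  const raw = opts.signed ? signCookieValue(value, secret) : value;
  const parts = [`${name}=${encodeURIComponent(raw)}`, `Path=${opts.path || '/'}`];
  if (opts.maxAge != null) parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  return parts.join('; ');
}

const options = { maxAge: 86400 * 1000, httpOnly: true, secure: false, signed: true };
const header = buildSetCookie('session', 'constructed.session.value', options, SECRET);
console.log(header);
```

Signing only makes tampering detectable; the cookie value stays readable to whoever holds it, and with `secure: false` the browser will also send it over plain HTTP.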