I am trying to set a cookie with Node.js and express but when I check in chrome dev tools there is no cookie. I am obviously doing something wrong but not sure what.

In my loginController.js I have

```javascript
exports.postLogin = async (req, res) => {
  const { email, password } = req.body;
  const user = await authenticate(email, password);
  if (!user) return res.status(403).send("Invalid email or password");
  const userData = {
    name: user.name,
    email: user.email,
    type: AUTH_USER_TYPE
  };
  res.cookie("token", userData, { httpOnly: true, signed: true });
  res.json(userData);
};
```

And in app.js I have:

```javascript
const cookieParser = require("cookie-parser");
app.use(cookieParser(process.env.COOKIE_SECRET));
```

user10980228

1 Answer

You need to define httpOnly: false, like:

```javascript
res.cookie("token", userData, { maxAge: 1000 * 60 * 10, httpOnly: false });
```

On the client side, you need to send withCredentials: true in the request:

```javascript
$http({
    method: 'POST',
    url: 'url',
    withCredentials: true, // send and accept cookies on this cross-origin request
    data: {}
}).then(function (response) {
    // success response
}, function (response) {
    // error response
});
```

Note: httpOnly: false will not be accessible through document.cookie in the browser. It will still be sent with HTTP requests, and if you check your browser's dev tools you will most likely find the cookie; in Chrome it can be found in the Resources tab of the dev tools.

Paresh Barad
  • I tried that but get: Access to XMLHttpRequest at 'http://localhost:8000/api/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. – user10980228 Oct 31 '19 at 19:01
  • @user10980228 Please add `cors` as middleware, you can follow [step](https://stackoverflow.com/a/46988108) – Paresh Barad Nov 01 '19 at 06:25
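
The CORS error quoted in the comment above comes from answering a `withCredentials` request with a wildcard `Access-Control-Allow-Origin`. The following added example (not part of the original thread; the function names are hypothetical and `SameSite=Lax` is an assumption) models the browser's check against the wildcard response and against an allowlisted response that keeps `HttpOnly` on the cookie.

```javascript
// Added example, not code from the thread. The origin comes from the error
// message in the comment; all function names here are hypothetical.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);

// Weak setting: the wildcard that produced the quoted CORS error.
function wildcardCors() {
  return { "Access-Control-Allow-Origin": "*" };
}

// Corrected setting: echo the origin only if it is allowlisted and opt in to
// credentials. With the `cors` package this corresponds to
// cors({ origin: "http://localhost:3000", credentials: true }).
function credentialedCors(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {}; // unknown origin: no CORS headers
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "POST",
    "Access-Control-Allow-Headers": "Content-Type",
    Vary: "Origin", // caches must not reuse this response for another origin
  };
}

// The rule a browser applies to a response when the request was sent with
// withCredentials: true (credentials mode "include").
function browserAcceptsCredentialed(pageOrigin, headers) {
  const allow = headers["Access-Control-Allow-Origin"];
  if (allow === "*") return false;        // wildcard is rejected outright
  if (allow !== pageOrigin) return false; // must match the page origin exactly
  return headers["Access-Control-Allow-Credentials"] === "true";
}

// Set-Cookie value for the login response. HttpOnly stays on: the cookie is
// hidden from document.cookie but is still stored and sent by the browser.
function loginSetCookie(name, value, maxAgeSeconds) {
  return [
    `${name}=${encodeURIComponent(value)}`,
    `Max-Age=${maxAgeSeconds}`,
    "Path=/",
    "HttpOnly",
    "SameSite=Lax", // assumption: ports 3000 and 8000 on localhost are same-site
  ].join("; ");
}
```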