
For the authentication my server (nestjs) sends back a cookie with the token.

This is done like this:

```typescript
@SetCookies()
@Post("account/signin")
async signin(@Body() dto: LoginDto, @Req() req) {
  const token = await this._authService.signin(req.user);
  // Cookie attributes: HttpOnly only; not signed, no Secure, no SameSite
  const options: CookieOptions = {
    expires: moment().add(10, "days").toDate(),
    signed: false,
    secure: false,
    sameSite: false,
    httpOnly: true,
  };
  // Queue the session cookie on the request object
  req._cookies = [
    {
      name: "SESSIONID",
      value: token,
      options: options,
    },
  ];
}
```

And it works! At least Postman shows me that the cookie was successfully created and sent back.

But when Angular calls the API like this:

```typescript
public signin(dto: LoginDto): Observable<any> {
  return this._httpClient.post("http://localhost:3000/account/signin", {
    username: dto.username,
    password: dto.password,
  }, {
    withCredentials: true,
  });
}
```

The Set-Cookie header is sent back and is visible in the Network tab of the DevTools.

But the cookie is not stored on the disk. The user is logged in but no cookie is persisted. EditThisCookie shows nothing, and after a reload no cookie is sent when a request to the server is made.

In other questions the problem got resolved by setting the secure attribute of the cookie to false, which I already tried.

I have set up CORS with credentials = true on the server, without any errors on both sides while signing in.

  • If you use Network tab in Chrome DevTools to inspect the POST `http://localhost:3000/account/signin`, then you should see a Cookies sub-tab on the request where you can also enable "show filtered out request cookies". This may help diagnose if the cookie is set but not being sent for some reason. – rowan_m Mar 09 '20 at 11:33
  • So with a different computer, but Chrome as well, the cookie is being stored and everything functions normally. I'll check soon if it's only one anomaly, but I will check the filtered cookie. Thanks – JohnnyS318 Mar 09 '20 at 16:48
  • Chrome is making changes. See this for more info on a possible fix and why it may work on some browsers and not others: https://stackoverflow.com/questions/58270663/samesite-warning-chrome-77 – Eliezer Steinbock May 02 '20 at 18:56
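
A diagnostic check for the situation in the question and comments, as an added example that is not part of the original post: it audits the response headers of a credentialed cross-origin request against the browser rules for CORS credentials and for `SameSite=None`. The page origin `http://localhost:4200`, the function names and the sample headers are assumptions constructed for illustration.

```typescript
// Added diagnostic sketch; header names are assumed to be lower-cased already.
type HeaderMap = Record<string, string | string[] | undefined>;

// Split one Set-Cookie value into its name and a lower-cased attribute map.
function parseSetCookie(value: string): { name: string; attrs: Record<string, string> } {
  const parts = value.split(";").map((p) => p.trim());
  const pair = parts.shift() ?? "";
  const eq = pair.indexOf("=");
  const attrs: Record<string, string> = {};
  for (const part of parts) {
    const i = part.indexOf("=");
    attrs[(i < 0 ? part : part.slice(0, i)).toLowerCase()] = i < 0 ? "" : part.slice(i + 1);
  }
  return { name: eq < 0 ? pair : pair.slice(0, eq), attrs };
}

// Return the reasons a browser would refuse the credentialed response or its cookies.
function auditCredentialedResponse(pageOrigin: string, headers: HeaderMap): string[] {
  const problems: string[] = [];
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === "*") {
    problems.push("CORS: wildcard Access-Control-Allow-Origin is not allowed with credentials");
  } else if (allowOrigin !== pageOrigin) {
    problems.push(`CORS: Access-Control-Allow-Origin does not match ${pageOrigin}`);
  }
  // The value is compared case-sensitively by the browser.
  if (headers["access-control-allow-credentials"] !== "true") {
    problems.push("CORS: Access-Control-Allow-Credentials must be exactly 'true'");
  }
  const raw = headers["set-cookie"];
  const cookies = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  for (const value of cookies) {
    const { name, attrs } = parseSetCookie(value);
    const sameSite = (attrs["samesite"] ?? "").toLowerCase();
    if (sameSite === "none" && !("secure" in attrs)) {
      problems.push(`${name}: SameSite=None requires the Secure attribute`);
    }
  }
  return problems;
}

// Constructed samples (token is a placeholder): one clean response, one misconfigured.
const sampleOk: HeaderMap = { "access-control-allow-origin": "http://localhost:4200",
  "access-control-allow-credentials": "true",
  "set-cookie": ["SESSIONID=PLACEHOLDER; Path=/; Expires=Thu, 19 Mar 2020 11:00:00 GMT; HttpOnly"] };
const sampleBad: HeaderMap = { "access-control-allow-origin": "*",
  "access-control-allow-credentials": "True",
  "set-cookie": "SESSIONID=PLACEHOLDER; Path=/; HttpOnly; SameSite=None" };
console.log(auditCredentialedResponse("http://localhost:4200", sampleOk));
console.log(auditCredentialedResponse("http://localhost:4200", sampleBad));
```

An empty result only means these header rules are satisfied; the Cookies sub-tab mentioned in the first comment remains the place to see what the browser actually did with the cookie.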
