Vue-cookies with Firebase and Heroku, not being sent

Question

I have a Vue.js project deployed on firebase and a node-express app deployed on Heroku. Now I want to send cookies along with each request to the server using Axios. I am using Axios and cookies are being set using vue-cookies (which are of sameSite: none and secure: true attributes).

In localhost, I can see the cookies in each request in my backend and can access them using req.cookies.session. (The session is my cookie name that is saved on the client-side.)

But in production, I can't see the cookies in the request. What am I doing wrong?

node-express cors

app.use(cors({
  credentials: true,
  origin: 'https://paid-kickstartu-webapp.web.app',
  'Access-Control-Allow-Origin': '*',
}));

Also attaching my screenshots of both Axios configuration and node-express backend for more understanding. Everything is working but cookies are not being sent in the backend from the frontend. In localhost both work as required.

I didn't tried using devServer, tried using localhost in both side. I also tried firebase + local express, I tried local + heroku also which both are not working — Prakhar Gupta, Dec 01 '20 at 19:10
https://stackoverflow.com/questions/44929653/firebase-cloud-function-wont-store-cookie-named-other-than-session — Abhinav Suthar, Dec 03 '20 at 07:26

score 1 · Answer 1 · answered Dec 03 '20 at 07:29

1

Try this

If you are using Firebase Hosting + Cloud Functions, __session is the only cookie you can store, by design. This is necessary for us to be able to efficiently cache content on the CDN -- we strip all cookies from the request other than __session. This should be documented but doesn't appear to be (oops!). We'll update documentation to reflect this limitation.

Also, you need to set Cache-Control Header as private

res.setHeader('Cache-Control', 'private');

answered Dec 03 '20 at 07:29

Abhinav Suthar

96
1
5

l don't want that, I am actually using the cookie generated from admin.auth().createSessionCookie using the token and then sending the cookie to vuejs via response body where i am setting the cookie in vue using vue-cookies. – Prakhar Gupta Dec 03 '20 at 15:37

score 0 · Accepted Answer · answered Dec 03 '20 at 17:12

Thank you all for helping. I have solved this problem, what I was doing before was getting the cookie in res body and saving the cookie on the client-side using vue-cookie, So any call to the backend was showing me empty cookies. But now I am setting the cookie header from my backend (node-express) during login and now when I send any further request's I can see the previous cookies that were set in my headers during login.

Vue-cookies with Firebase and Heroku, not being sent

2 Answers2