2

I've been researching this for hours now. What could be the reason why the cookies are not being saved in the browser? I'm using express-session. Below are the pieces of code I'm using.

const app = express();

// CORS config
app.use(cors({
  origin: process.env.API_URL,
  credentials: true,
  optionsSuccessStatus: 200
}));

app.use(cookieParser());

// Where the sessions are stored
const MongoDBStore = new MongoDBSession({
  uri: process.env.MEDIRECORDS_URI,
  collection: "sessions"
})

app.set("trust proxy", 1);

const oneDay = 1000 * 60 * 60 * 24;

app.use(session({
  name: "irmp_session",
  secret: process.env.AWS_SESSION_KEY,
  resave: false,
  saveUninitialized: false,
  maxAge: 7200000, // 2 hrs validity
  store: MongoDBStore,
  cookie: {
    path: '/',
    sameSite: false,
    secure: false,
    maxAge: oneDay
  }
}))

When I try to log in using the frontend, the login is successful and the session is stored in the database. However, when I check the cookie storage, it is empty.

orangesheep
  • 195
  • 3
  • 13

3 Answers

4

After spending hours researching, I learned that this is due to Chrome's cookie updates. Here is what the update is all about.

As the link states, for a cookie to be saved in Chrome when sameSite really needs to be set to none, developers should set the secure option to true. The default value of sameSite, if not set, is lax.

Hope this helps anyone who might encounter the problem.

orangesheep
  • 195
  • 3
  • 13
3

If anyone here uses Heroku or render.com for free: I added everything from the answers above but it was still not working. I tried another solution here, which is to add app.set("trust proxy", 1); before app.use(session(sessionSettings)), and it now saves the cookie in different browsers.

ceci
  • 46
  • 4
0

Thank you so much for sharing it. I was stuck on this for 2 days; on localhost things worked perfectly, but after deploying my MERN app on different servers, the cookie stopped working...

Using express-session:

app.use(session({
  // ... other session options ...
  cookie: {
    maxAge: 24 * 60 * 60 * 1000, // please change it based on your needs
    secure: app.get('env') === 'production',
    sameSite: 'none'
  }
}));

This will solve the problem!!

hiEdson
  • 56
  • 3
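
The behaviour the answers above describe, as an added example that is not part of the original thread: a simplified model (not express-session's or Chrome's own code) of when the session cookie is emitted by the server and stored by the browser. The function names and the request fields (tlsSocket, forwardedProto, trustProxy) are hypothetical, and the frontend is assumed to call the API with a cross-site fetch/XHR.

```javascript
// Added illustration: a simplified model, not express-session's or Chrome's code.
// Assumption: the frontend calls the API cross-site with credentials included.

// What the session middleware would put in Set-Cookie. express-session sends no
// cookie at all when cookie.secure is true but the request does not look like HTTPS.
function emittedCookie(cookie, req) {
  // Behind a TLS-terminating proxy the app sees plain HTTP; Express only honours
  // X-Forwarded-Proto when "trust proxy" is enabled.
  const looksSecure = req.tlsSocket ||
    (req.trustProxy && req.forwardedProto === 'https');
  if (cookie.secure && !looksSecure) return null;
  // sameSite: false (or unset) sends no SameSite attribute; true means Strict.
  const s = cookie.sameSite;
  const sameSite = s === true ? 'strict' : s ? String(s).toLowerCase() : null;
  return { secure: Boolean(cookie.secure), sameSite };
}

// Chrome's decision for a Set-Cookie that arrives on a cross-site XHR/fetch response.
function chromeVerdict(sent) {
  if (sent === null) return 'not sent by server';
  const effective = sent.sameSite || 'lax'; // a missing attribute is treated as Lax
  if (effective === 'none' && !sent.secure) {
    return 'rejected: SameSite=None needs Secure';
  }
  if (effective !== 'none') {
    return `blocked: SameSite=${effective} on cross-site response`;
  }
  return 'stored';
}

function check(cookie, req) {
  return chromeVerdict(emittedCookie(cookie, req));
}

// Constructed scenarios: the app sits behind a proxy that terminates TLS.
const proxied = { tlsSocket: false, forwardedProto: 'https' };
const scenarios = {
  // Cookie options from the question (sameSite: false, secure: false).
  question: check({ sameSite: false, secure: false }, { ...proxied, trustProxy: true }),
  noneWithoutSecure: check({ sameSite: 'none', secure: false }, { ...proxied, trustProxy: true }),
  secureNoTrustProxy: check({ sameSite: 'none', secure: true }, { ...proxied, trustProxy: false }),
  secureWithTrustProxy: check({ sameSite: 'none', secure: true }, { ...proxied, trustProxy: true }),
};
console.log(scenarios);
```
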