0

apologies in advance for what seems like a repeat question.

I've tried lots of other stack overflow and other solutions and cant seem to see what I'm doing wrong.

I'm trying to send and set a cookie from my express server to my front end so that it can be sent back with each request to authenticate. This is working in insomnia and on the 9090 host but when I push it up to the proper server it just stops working and wont set the cookie at all.

all the headers are showing up

I'm also getting no errors in the console so no help there.

react example of request

    export const logIn = (formInput) => {
      return listApi.post(`/users/authenticate`, formInput, {withCredentials:true})
      .then( ({ data }) => {
        return data
      })

express

        app.use(cors({
        origin: "http://192.xxx.x.xx:xxxx",
        credentials: true,
        origin: true
    }));

       res.status(200)
        .header('Access-Control-Allow-Credentials', true)
        .header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept')
        .header("Access-Control-Allow-Origin", "http://192.168.1.69:3000")
        .header("Access-Control-Allow-Methods", "GET,POST,PATCH,PUT,DELETE,OPTIONS")
        .cookie('access_token', token, {expires:tokenExpire, 
          sameSite: 'None', 
          secure: true, 
          httpOnly: true, 
          Domain: 'http://192.168.1.69:3000'})
        .send({ msg: 'success' });
      } else {
        Promise.reject( {status: 401, msg: 'unauthorized - invalid username and password'})
        .catch(err => next(err))
      }
    };

EDIT: here are the things I've read so far

res.cookie not setting cookie in browser

Express-Session not working in production/deployment

Express-session cookie not saving in browser

Cookies on localhost with explicit domain

https://www.reddit.com/r/reactjs/comments/vxvdib/cookie_not_being_set_in_react_app_express_backend/

Express doesn't set a cookie

dood
  • 25
  • 1
  • 5
  • 1
    Your cookie's `Domain` attribute is invalid. Leave it out altogether. – jub0bs Nov 01 '22 at 22:06
  • Hi there, thanks very much for your response. I've now removed that and it still doesn't want to set the cookie... – dood Nov 03 '22 at 15:39
  • 1
    What is the URL of your server? Does it use `http` or `https`? If it uses `http`, it cannot set a `Secure` cookie. – jub0bs Nov 03 '22 at 17:21
  • it seems to be a https URL. – dood Nov 08 '22 at 10:04
  • found something that's worked for me (I think). [https://stackoverflow.com/questions/58523383/express-not-setting-cookie][1] "...the cookie should be set on the API server domain, NOT on client domain". If anyone has a more in depth explanation to why this works I'd be happy to have a read! Right now I'm a bit dubious as I don't see how without the cookie being exchanged its actually secure and unfortunately don't have enough rep to add a comment to the original post... [1]: https://stackoverflow.com/questions/58523383/express-not-setting-cookie – dood Nov 08 '22 at 14:09

0 Answers0