0

I have a full-stack application with a Flask backend and a React frontend. The way I have been dealing with user sessions and user authentication has been through the use of Flask-Session. Essentially, I use Redis and Flask-Session to create a server-side session which I use to store various information on the user.

In the local environment, when the user logs in, a cookie with the name of session and a random session value is set in the user's browser.

This cookie is then sent to the backend server on every subsequent request, and in this way the backend server is able to retrieve the correct session from Redis.

However, when I deployed my application onto Heroku, upon logging in no cookie gets set on the front-end application.

If anyone knows why this is and how this can be prevented I'd greatly appreciate it.

(P.S., upon researching I found a few people saying that this is because Heroku websites' domains are on the Public Suffix List and that's why you can't set cookies for them - but I even purchased a custom domain and set it up and I'm still facing this issue.)

m3hran

1 Answer

0

Check if you are using the same domain for front and backend. Cookies are set as SameSite by default, which means that the browser won't send them on your frontend request if the domains don't match.

https://developer.mozilla.org/pt-BR/docs/Web/HTTP/Headers/Set-Cookie/SameSite

It may work on localhost because the domain is "localhost" for both front and backend.

You can try this: https://medium.com/nirman-tech-blog/sharing-cookies-between-different-domains-d3faec71e038

If it's a subdomain, you can use Domain=*.yourdomain.com when setting a cookie. If that doesn't work, you'll need to send the data in the request body.

Look at the browser's console to see if it alerts something.

  • They are not set on the same domains - I have two separate applications, one for frontend and one for backend, running on Heroku. Is there a way to allow the flask-session cookie to be sent when it's not the same site? I looked at the link you sent; the problem is that with flask-session the cookie is set and sent automatically, so I'm not sure how I can change the setting to allow for other sites. – m3hran Apr 05 '23 at 19:30
  • I don't know much about Flask, but this seems to work: https://stackoverflow.com/a/70636439/20991328 As you can see, he configured the session to be cross-domain. Sorry, but I don't know any alternative :\ Take a look at the second response, too. It may clarify some things. – Galeno de Melo Apr 05 '23 at 19:45
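
Added example, not part of the original question, answer or comments: a small standard-library checker for the situation discussed above, which takes the backend's `Set-Cookie` header, the two origins and the CORS response headers and lists why a browser would drop the session cookie. The origins, cookie value and the two-entry suffix set are constructed for illustration, and `site` and `diagnose` are hypothetical helper names.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List (assumption; use the full list in practice).
SUFFIXES = {"com", "herokuapp.com"}

def site(origin):
    """Return (scheme, registrable domain), i.e. public suffix plus one label."""
    parts = urlsplit(origin)
    labels = parts.hostname.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return parts.scheme, ".".join(labels[max(i - 1, 0):])
    return parts.scheme, parts.hostname  # e.g. localhost

def diagnose(set_cookie, frontend, backend, cors):
    """List reasons a credentialed request from frontend to backend loses the cookie."""
    morsel = next(iter(SimpleCookie(set_cookie).values()))
    problems = []
    if site(frontend) != site(backend):  # cross-site: SameSite rules apply
        samesite = morsel["samesite"].lower()
        if samesite != "none":
            problems.append("SameSite=%s: cookie is not used on cross-site fetch/XHR"
                            % (samesite or "unset (Lax in Chromium-based browsers)"))
        elif not morsel["secure"]:
            problems.append("SameSite=None is rejected without Secure")
    if frontend != backend:  # cross-origin: credentialed CORS rules apply
        if cors.get("Access-Control-Allow-Credentials") != "true":
            problems.append("Access-Control-Allow-Credentials must be 'true'")
        if cors.get("Access-Control-Allow-Origin") != frontend:
            problems.append("Access-Control-Allow-Origin must be the exact frontend origin")
    return problems

# Constructed sample values, not taken from the question.
FRONT, BACK = "https://myapp-web.herokuapp.com", "https://myapp-api.herokuapp.com"
BROKEN = diagnose("session=abc123; HttpOnly; Path=/", FRONT, BACK,
                  {"Access-Control-Allow-Origin": "*"})
FIXED = diagnose("session=abc123; HttpOnly; Path=/; SameSite=None; Secure", FRONT, BACK,
                 {"Access-Control-Allow-Origin": FRONT,
                  "Access-Control-Allow-Credentials": "true"})
print(BROKEN, FIXED)
```

In Flask the cookie attributes checked here are controlled by the `SESSION_COOKIE_SAMESITE` and `SESSION_COOKIE_SECURE` config keys. A session cookie marked `SameSite=None` no longer gets SameSite's protection against cross-site request forgery, so state-changing endpoints need their own CSRF defence.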