3

I am sending cookie in response from node backend to my frontend after jwt signing. In the network tab on frontend , the set-cookie is visible and the cookie is been shown , but in the application tab , the cookie is not getting shown. Why is it?

Backend Function Code for sending cookie :

import jwt from 'jsonwebtoken' export const generateTokenAndSetCookie = (userId , res)=>{ const token = jwt.sign({userId} , process.env.JWT_SECRET , { expiresIn : '15d', } ) res.cookie("jwt" , token , { httpOnly: false, secure: true, sameSite:'none' }) }

CORS Code :

app.use(cors({credentials : true , origin : 'http://localhost:3000'}));

Frontend Code for sending POST request for Login :

const handleSubmit = async (e) => { e.preventDefault(); // console.log(formData); if (!formData.password || !formData.username) { toast("Please Fill All the Fields !"); return; } try { setLoading(true); const res = await fetch(`${PROXY_URL}/api/auth/login`, { method: "POST", headers: { "Content-Type": "application/json", }, body: JSON.stringify(formData), }); const data = await res.json(); if (!res.ok){ toast.error(data.error || "Failed to Login"); setLoading(false); return; } setLoading(false); setIsError(false); // console.log(data); console.log(document.cookie); toast.success("User Logged In Successfully !"); setFormData({ username: "", password: "", }) } catch (error) { setIsError(true); console.log(error); } };

Network Tab Picture :

Network tab pic

Application tab Picture at same time:

application Tab pic

What to do ?

Improve this question
3
  • are you sure that you are using localhost everywhere and not 127.0.0.1?
    – Ben
    CommentedJul 12, 2024 at 13:36
  • 1
    What is the value of PROXY_URL? It needs to be the same origin as your website
    – Duannx
    CommentedJul 13, 2024 at 15:00
  • @Aditya Nagare, could you solve it?
    – Snake_py
    CommentedJul 14, 2024 at 22:02

5 Answers 5

Reset to default
2

This very often happens to me as well. Can you try to rewrite your api call to have credentials set to include.

 const res = await fetch(`${PROXY_URL}/api/auth/login`, { method: "POST", headers: { "Content-Type": "application/json", }, body: JSON.stringify(formData), credentials: 'include' });

I also think you might need to adjust the server to this:

 res.cookie("jwt" , token , { httpOnly: true, // I think if server needs to set a cookie it must be httpOnly secure: process.env.NODE_ENV === 'production', sameSite:'none' })

In addition these two posts might help you:

Improve this answer
0
    0

    Set secure to false, perhaps using an environment variable to differentiate between your dev environment and production.

    This is because the secure option ensures that the cookie is only sent over a secure connection which is indicated by "https://" in the address. In development mode, your connection is insecure since you're accessing from "http://localhost".

    import jwt from 'jsonwebtoken' export const generateTokenAndSetCookie = (userId , res)=>{ const token = jwt.sign({userId} , process.env.JWT_SECRET , { expiresIn : '15d', } ) res.cookie("jwt" , token , { httpOnly: false, secure: process.env.NODE_ENV === 'production', sameSite:'none' }) }
    Improve this answer
    5
    • i did that also , but still not working.
      – Aditya Nagare
      CommentedJul 8, 2024 at 3:05
    • Oh dang. Can you try including credentials in your fetch request?
      – Alecia Vogel
      CommentedJul 8, 2024 at 3:15
    • I did that too.
      – Aditya Nagare
      CommentedJul 8, 2024 at 6:23
    • Good answer but there is an exception for localhost.
      – Chukwujiobi Canon
      CommentedJul 9, 2024 at 3:54
    • what to do then?
      – Aditya Nagare
      CommentedJul 10, 2024 at 5:11
    0

    Looks like you're having some trouble setting up cookies, so let's just try with all the cookie options as I previously had a similar kind of issue.

    // Set cookie options const cookieOptions = { // httpOnly: true, // Prevents client-side access to the cookie sameSite: "None", // Allows cross-origin requests to include the cookie secure: true, // Ensures the cookie is only sent over HTTPS domain: "192.168.99.62", // Set to your server's domain, do not type localhost, use your IP instead path: "/", // Cookie is valid for all routes expires: new Date(Date.now() + 3600000), // Cookie expires in 1 hour (adjust as needed) }; // Set the cookie res.cookie("authToken", jwtToken, cookieOptions);
    Improve this answer
    3
    • still not working
      – Aditya Nagare
      CommentedJul 10, 2024 at 5:11
    • which browser you're using?
      – Shams Wali Sowmo
      CommentedJul 10, 2024 at 6:18
    • chrome. But if I used another , it still gives the same error.
      – Aditya Nagare
      CommentedJul 10, 2024 at 13:42
    0

    It seems like your frontend and backend are not on the same domain (or port). When you set a cookie from your backend, it places it on the domain of your backend. To use a different domain, you have to specify it explicitly:

    res.cookie("jwt" , token , { httpOnly: false, secure: true, sameSite:'none', domain: 'http://localhost:3000', })
    Improve this answer
      0

      I got my answer. While sending the fetch request to the server, I was not passing the header :

      headers: { "Content-Type": "application/json", },

      After passing this header, everything worked fine.

      Improve this answer

        Start asking to get answers

        Find the answer to your question by asking.

        Ask question

        Explore related questions

        See similar questions with these tags.