Hi there! Hugely appreciate the screenshots, really helps clear up uncertainty
The short answer is hardcoding the cookie’s secure field to be true + using the workaround described here (bottom) should make the connection work
The longer explanation is
- having cookies work from one site to another requires sameSite: none (which I see has already been set)
- sameSite: none requires secure: true (which I see is currently dependent on the environment)
- there’s an open issue on express-session where it doesn’t send the set-header header when encountering a request made to a server running with “secure: true” running on a non-https endpoint even for localhost
- setting trust proxy to true on the server, and sending x-forwarded-proto to https as the header will trick it into setting the cookie
There’s a different workaround suggested by express-session’s maintainer to overwrite the value of req.secure using Object.defineProperty on your server, should also work
Hope that helps!
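
The decision chain described in the reply above, as an added example that is not part of the original post and is not express-session's own code. It is a simplified model: `requestIsSecure`, `cookieOutcome` and the sample request objects are hypothetical names and constructed inputs, and trust proxy is reduced to a boolean.

```javascript
// Simplified model (an assumption, not express-session's source) of when a
// session cookie with the given options ends up stored by the browser.

// Is the request treated as HTTPS by the server?
function requestIsSecure(req, trustProxy) {
  // Direct TLS connection to the Node process.
  if (req.encrypted) return true;
  // Without trust proxy, forwarded headers are ignored.
  if (!trustProxy) return false;
  // With trust proxy, the first X-Forwarded-Proto value decides.
  // The header is client-supplied unless a proxy overwrites it, so
  // trust proxy = true fits local development or a controlled proxy.
  const header = req.headers['x-forwarded-proto'] || '';
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

// Returns 'not-sent', 'rejected-by-browser' or 'set'.
function cookieOutcome(cookie, req, trustProxy) {
  // A secure cookie is withheld when the request is not seen as HTTPS.
  if (cookie.secure && !requestIsSecure(req, trustProxy)) return 'not-sent';
  // Browsers reject SameSite=None cookies that lack the Secure attribute.
  if (cookie.sameSite === 'none' && !cookie.secure) return 'rejected-by-browser';
  return 'set';
}

// Constructed sample requests (not captured traffic).
const plainLocal = { encrypted: false, headers: {} };
const forwarded = { encrypted: false, headers: { 'x-forwarded-proto': 'https' } };
const tls = { encrypted: true, headers: {} };

const crossSite = { sameSite: 'none', secure: true };
const envDependent = { sameSite: 'none', secure: false };

console.log('http localhost, secure: true      ->', cookieOutcome(crossSite, plainLocal, false));
console.log('http localhost, secure: false     ->', cookieOutcome(envDependent, plainLocal, false));
console.log('forwarded https, no trust proxy   ->', cookieOutcome(crossSite, forwarded, false));
console.log('forwarded https, trust proxy true ->', cookieOutcome(crossSite, forwarded, true));
console.log('direct https                      ->', cookieOutcome(crossSite, tls, false));
```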