Cookie not shown/stored in the browser

Hi there! Hugely appreciate the screenshots, really helps clear up uncertainty :pray:

The short answer is hardcoding the cookie’s secure field to be true + using the workaround described here (bottom) should make the connection work.

The longer explanation is:

  • having cookies work from one site to another requires sameSite: none (which I see has already been set)
  • sameSite: none requires secure: true (which I see is currently dependent on the environment)
  • there’s an open issue on express-session where it doesn’t send the set-header header when encountering a request made to a server with “secure: true” running on a non-HTTPS endpoint, even for localhost
  • setting trust proxy to true on the server, and sending x-forwarded-proto to https as the header will trick it into setting the cookie

There’s a different workaround suggested by express-session’s maintainer to overwrite the value of req.secure using Object.defineProperty on your server, which should also work.

Hope that helps!

1 Like
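The two workarounds from the reply above, modelled without dependencies so the decision can be run directly. This is an added example, not code from the post or from express-session: `isSecure`, `wouldSendCookie`, `forceSecureForLocalDev` and the mock request are hypothetical names, and the check is a simplified model of the behaviour described. Restricting the `req.secure` override to loopback addresses in development is an assumption added here so the workaround stays out of production.

```javascript
// Simplified stand-in for the "is this request secure?" decision (not express-session's code).
function isSecure(req, trustProxy) {
  if (req.socket && req.socket.encrypted) return true;  // real TLS connection
  if (trustProxy === false) return false;               // never believe headers
  if (trustProxy !== true) return req.secure === true;  // defer to the framework's req.secure
  const proto = String(req.headers['x-forwarded-proto'] || '').split(',')[0];
  return proto.trim().toLowerCase() === 'https';        // header is believed as-is
}

// A cookie with secure: true is only emitted when the request counts as secure.
function wouldSendCookie(req, cookie, trustProxy) {
  return !cookie.secure || isSecure(req, trustProxy);
}

// Second workaround: override req.secure, limited to loopback clients in development.
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
function forceSecureForLocalDev(req, env) {
  if (env !== 'development' || !LOOPBACK.has(req.socket.remoteAddress)) return false;
  Object.defineProperty(req, 'secure', { value: true, configurable: true });
  return true;
}

// Constructed mock request: `secure` is a prototype getter, as a framework would define it.
const requestProto = { get secure() { return this.socket.encrypted === true; } };
function mockRequest(remoteAddress, headers = {}) {
  const req = Object.create(requestProto);
  req.socket = { remoteAddress, encrypted: false };
  req.headers = headers;
  return req;
}

const cookie = { sameSite: 'none', secure: true };

function demo() {
  const viaHeader = mockRequest('127.0.0.1', { 'x-forwarded-proto': 'https' });
  const overridden = mockRequest('127.0.0.1');
  forceSecureForLocalDev(overridden, 'development');
  const remote = mockRequest('203.0.113.7');            // documentation-range address
  forceSecureForLocalDev(remote, 'development');
  return {
    plainHttp: wouldSendCookie(mockRequest('127.0.0.1'), cookie),
    headerTrusted: wouldSendCookie(viaHeader, cookie, true),
    headerUntrusted: wouldSendCookie(viaHeader, cookie),
    overridden: wouldSendCookie(overridden, cookie),
    remoteDev: wouldSendCookie(remote, cookie),
  };
}
console.log(demo());
```

With proxy trust enabled the server believes whatever `x-forwarded-proto` a client sends, so keep that setting to local development or to deployments where a real TLS-terminating proxy sets the header.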