rack-cors

The browser does not store the cookies session

Open danielmalaton opened this issue 1 year ago • 0 comments

Context:

  • My frontend app is running on http://localhost:8080
  • My backend app (Rails) is running on http://localhost:3000. This is an API app
  • Setting cors like below:

    Rails.application.config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins 'http://localhost:8080'

        resource '*',
                 headers: :any,
                 methods: %i[get post put patch delete options],
                 credentials: true,
                 expose: ['Set-Cookie']
      end
    end

  • Setting session store like below:

    Rails.application.config.session_store :cookie_store, key: '_my_app_session', domain: :all, same_site: :none, secure: Rails.env.production?

  • I'm sending a POST request with withCredentials set to true that assigns a value to the session, e.g. session[:user_id] = user.id

Current behavior: The response header contains the Set-Cookie:

set-cookie:	_my_app_session=<value>; path=/; httponly; samesite=none

But the browser does not store it in the Storage cookies

Expected behavior: The browser stores it in the Storage cookies

danielmalaton, Jun 12 '24 18:06
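
Added example (not part of the original issue and not rack-cors code): the Set-Cookie header quoted above carries samesite=none but no secure attribute, which is what `secure: Rails.env.production?` produces whenever it evaluates to false, and browsers that follow the RFC 6265bis draft (Chrome among them) ignore such a cookie. The Ruby check below parses a Set-Cookie line and reports that condition; the function names and the second header are constructed for illustration.

```ruby
# Added example, not from the issue or from rack-cors.
# Rule checked (RFC 6265bis draft, enforced by Chrome): a cookie with
# SameSite=None is ignored unless it also carries the Secure attribute.

SetCookie = Struct.new(:name, :value, :attrs)

# Parse one Set-Cookie line into name, value and a hash of attributes
# (keys lower-cased; flag attributes such as HttpOnly map to true).
def parse_set_cookie(line)
  pair, *rest = line.sub(/\Aset-cookie:\s*/i, '').split(';').map(&:strip)
  name, value = pair.split('=', 2)
  attrs = rest.reject(&:empty?).to_h do |attr|
    key, val = attr.split('=', 2)
    [key.strip.downcase, val.nil? ? true : val.strip]
  end
  SetCookie.new(name, value, attrs)
end

# Return the reasons a browser would refuse to store the cookie.
def storage_problems(line)
  cookie = parse_set_cookie(line)
  problems = []
  same_site = cookie.attrs['samesite'].to_s.downcase
  if same_site == 'none' && !cookie.attrs.key?('secure')
    problems << "#{cookie.name}: SameSite=None without Secure, cookie is ignored"
  end
  problems
end

# Header exactly as quoted in the issue.
PAGE_HEADER = "set-cookie:\t_my_app_session=<value>; path=/; httponly; samesite=none"
# Constructed header: the same cookie with the Secure attribute present.
FIXED_HEADER = 'Set-Cookie: _my_app_session=<value>; path=/; secure; httponly; samesite=none'

[PAGE_HEADER, FIXED_HEADER].each do |header|
  issues = storage_problems(header)
  puts(issues.empty? ? "ok: #{header}" : issues.join("\n"))
end
```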