
When running frontend and backend on different domains, it is not working

Open AsrarMemon opened this issue 2 years ago • 2 comments

```js
var express = require('express');
var cookieParser = require('cookie-parser');
var session = require('express-session');
var cors = require('cors');

var app = express();

// Assumption: `days` is not defined in the posted snippet; one day in milliseconds is used here.
var days = 1000 * 60 * 60 * 24;

app.use(cors());

app.use(cookieParser());
app.use(session({
  secret: "thisismys",
  saveUninitialized: true,
  cookie: {
    domain: 'localhost:4000',
    sameSite: 'none',
    secure: false,
    maxAge: days
  },
  resave: true
}));

// Count page views per session.
app.get('/', function(req, res){
  if(req.session.page_views){
    req.session.page_views++;
    res.send("You visited this page " + req.session.page_views + " times");
  } else {
    req.session.page_views = 1;
    res.send("Welcome to this page for the first time!");
  }
});

app.listen(4022);
```

When I run the frontend and backend on localhost, it works. But when I put this backend code on a server and try to call it from the frontend, it always returns "first time". I have already tried with credentials and all the sameSite options, but nothing works for me.

Your help would be great for me. I already opened an issue on Slack as well, but received no reply.

AsrarMemon, Mar 03 '23 19:03

> `domain: 'localhost:4000',`

You need to change this to your domain. Otherwise, the cookie will not be set and naturally it will seem like no session was created.

jrjake, Mar 03 '23 21:03

Hey @AsrarMemon! I am facing the same challenge. Setting up the cookie in the browser in the deployed environment is not as simple as we think it is. Especially when the client and server are deployed at different origins. I tried various possible configurations of cors middleware and express-session middleware. For instance,

```js
app.use(cors({
  origin: `${process.env.CLIENT_URL}`,
  credentials: true,
}));

app.use(session({
  name: 'GitHubConnect.sid',
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: {
    domain: process.env.COOKIE_DOMAIN,
    maxAge: 1000 * 60 * 60 * 24,
    secure: true,
    httpOnly: true,
  }
}));

app.use((req, res, next) => {
  res.setHeader("Access-Control-Allow-Origin", process.env.CLIENT_URL);
  next();
});
```

But, I came to an understanding that this works only for projects that are deployed at a single origin. Apparently, we cannot set cookies in cross-origin deployed projects. Hence, I recommend you to choose other methods such as token-based authentication - JWT.

Sheshant-Manure, Mar 17 '24 09:03
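
The checks below are an added example, not part of the thread and not express-session or cors code: a static audit of the cookie and CORS options posted above, for a frontend and backend deployed on different sites. `auditSessionConfig`, the `example.test` hosts and the finding strings are assumptions made for illustration.

```javascript
// Added example: auditSessionConfig and the example.test hosts are hypothetical.
// It checks express-session cookie options and cors options for a frontend
// and backend deployed on different sites.
function auditSessionConfig({ backendHost, cookie = {}, cors = {} }) {
  const findings = [];

  if (cookie.domain !== undefined) {
    // A leading dot is ignored by browsers; the rest must be a bare host name.
    const d = String(cookie.domain).replace(/^\./, '').toLowerCase();
    if (/[:\/]/.test(d)) {
      findings.push('domain: must be a bare host name, no scheme, port or path');
    } else if (backendHost !== d && !backendHost.endsWith('.' + d)) {
      findings.push('domain: does not match the host that sets the cookie');
    }
  }

  const sameSite = String(cookie.sameSite ?? '').toLowerCase();
  if (sameSite === 'none' && cookie.secure !== true) {
    // Current browsers drop SameSite=None cookies that lack Secure.
    findings.push('sameSite: "none" requires secure: true (HTTPS)');
  } else if (sameSite !== 'none') {
    // Lax/Strict, or unset (Chromium-based browsers then default to Lax).
    findings.push('sameSite: cookie is withheld from cross-site fetch/XHR');
  }

  // cors() with no options answers Access-Control-Allow-Origin: *, which
  // browsers refuse for requests that carry credentials.
  if (cors.origin === undefined || cors.origin === '*') {
    findings.push('cors.origin: must name the frontend origin, not "*"');
  }
  if (cors.credentials !== true) {
    findings.push('cors.credentials: must be true');
  }
  return findings;
}

// Constructed inputs modelled on the two configurations posted in the thread.
const firstPost = { backendHost: 'api.example.test',
  cookie: { domain: 'localhost:4000', sameSite: 'none', secure: false }, cors: {} };
const secondPost = { backendHost: 'api.example.test',
  cookie: { domain: 'api.example.test', secure: true, httpOnly: true },
  cors: { origin: 'https://app.example.test', credentials: true } };
const adjusted = { ...secondPost, cookie: { ...secondPost.cookie, sameSite: 'none' } };

for (const [name, cfg] of Object.entries({ firstPost, secondPost, adjusted })) {
  console.log(name, auditSessionConfig(cfg));
}
```

The frontend request must also opt in, for example `fetch(url, { credentials: 'include' })`; otherwise the browser neither stores nor sends the session cookie on a cross-origin call.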