4

I have 2 separate apps, let's call them Login & Dashboard. Both apps have a UI written in react and an express server.

In my Login app, when I make a POST from my Login UI, it hits the Login Express server to authenticate. Once authenticated, I set a cookie and redirect to my Dashboard url:

    res.cookie(cookie.key, cookie.access_token, {
      path: '/',
      domain: cookie.domain,
      httpOnly: true,
      maxAge: cookie.rememberExpiry
    })

    res.redirect(dashboard_url)

However when I use req.cookies in my dashboard app I don't see any cookies.

When I make the POST from my Login UI I do indeed see a network call stating response header:

Set-Cookie: mycookie=cookievalue; Max-Age=28800; Domain=.local.myurl.com; Path=/; Expires=Thu, 03 Nov 2016 19:20:39 GMT; HttpOnly

Note that as of this moment the time is Nov 3 2016, 11:28 GMT so it's not an expiry issue.

To test I have edited my hosts file such that login.local.myurl.com & dashboard.local.myurl.com point to localhost.

Is there any reason why the req.cookies is not available in the Dashboard express app?

8
  • Can you see the cookies being sent with the request? Is the request for which no cookies are set a "regular" request, or an XHR request? Commented Nov 3, 2016 at 11:48
  • What do you mean by "can I see the cookies being sent with the request"? I see nothing when I log req.cookies in my dashboard express server. In my Login UI, when I POST to the Login Express server, I see in my Chrome network tab: POST 302 found with response headers set Commented Nov 3, 2016 at 11:52
  • In the network tab, look at the request being made from the dashboard and check if that request contains a Cookie header (to rule out that the cookie-parser middleware isn't being used properly). Commented Nov 3, 2016 at 11:54
  • It contains no cookie header Commented Nov 3, 2016 at 12:10
  • Okay, so is the request that's being made a regular request, or an XHR ("AJAX")-based request? Commented Nov 3, 2016 at 12:38

1 Answer

2

My problem was twofold.

First I needed to set credentials: 'same-origin' on fetch, which is to say that I had to allow cookies to persist on the request library I was using.

Second, because my server and my client are essentially separate, a redirect on the server did not have the intended effect on the client. Hence I could not just res.redirect from the server response. Instead, I replaced the res.redirect line with res.status(200).send() and, in my client code, I simply did window.location.replace('http://dashboardurl.com').

Hope that helps anyone who has this issue in the future.


1 Comment

I am trying this approach, but I still don't see the cookies after navigating to my "dashboardurl.com"
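
The two browser rules this thread turns on (the fetch credentials mode and the cookie's Domain scope), modelled as an added example that is not part of the original question or answer. The http scheme and default ports are assumptions, and path, expiry, SameSite enforcement and public-suffix checks are left out.

```javascript
// Added example: a simplified model of the browser rules in this thread.
// The header is the one quoted in the question; scheme and ports are assumed.
const SET_COOKIE = 'mycookie=cookievalue; Max-Age=28800; Domain=.local.myurl.com; ' +
  'Path=/; Expires=Thu, 03 Nov 2016 19:20:39 GMT; HttpOnly';

// Split a Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 domain matching; a leading dot in the Domain attribute is ignored.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// fetch() credentials mode: are cookies attached to the request and is
// Set-Cookie on the response honoured?
function fetchUsesCookies(mode, pageOrigin, requestUrl) {
  if (mode === 'include') return true;
  if (mode === 'same-origin') return new URL(requestUrl).origin === pageOrigin;
  return false; // 'omit'
}

// Is the cookie set by the login response sent on a later navigation to targetUrl?
function cookieReachesTarget(header, mode, pageOrigin, loginUrl, targetUrl) {
  if (!fetchUsesCookies(mode, pageOrigin, loginUrl)) return false; // never stored
  const { attrs } = parseSetCookie(header);
  const loginHost = new URL(loginUrl).hostname;
  const target = new URL(targetUrl);
  if (attrs.secure && target.protocol !== 'https:') return false;
  if (!attrs.domain) return target.hostname === loginHost; // host-only cookie
  // A server may only set a cookie for a domain that its own host matches.
  return domainMatches(loginHost, attrs.domain) && domainMatches(target.hostname, attrs.domain);
}

// Attributes a session cookie would normally carry that this header lacks.
function missingHardening(header) {
  const { attrs } = parseSetCookie(header);
  return ['httponly', 'secure', 'samesite'].filter((k) => !(k in attrs));
}
```

Because the cookie is scoped to the parent domain, `domainMatches` is true for every host under `local.myurl.com`, so each of those hosts receives the access token.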
