Reputation: 151
Heyyo, this issue is driving me nuts.
I have an issue where Passport.js seems to not be getting a user session sent back from the user. Everything else seems to work fine, and there is no problem serializing or deserializing the user.
When deployed, it seems to work fine on Firefox, but not on Chrome. It works on Chrome when I am testing on my local machine using http://localhost:PORT, but just not when deployed.
Because it works fine on my local machine, I was wondering if it might be an https/http issue?
Does anyone have any idea what the issue could be? Thank you.
Middleware:
const express = require('express');
const cookieParser = require('cookie-parser');
const expressSession = require('express-session');
const passport = require('passport');
const bodyParser = require('body-parser');
const cors = require('cors');

const app = express();

app.use(cookieParser());
app.use(expressSession({
  resave: true,
  saveUninitialized: true,
  // Caveat: if this .env is also consumed by a Create React App build,
  // REACT_APP_-prefixed variables are inlined into the client bundle;
  // a session secret should live in a server-only variable.
  secret: process.env.REACT_APP_SESSION_SECRET,
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cors({
  origin: "https://example.url",
  methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
  credentials: true,   // required for the browser to send the session cookie cross-site
}));
app.use(express.static('public'));
Example of request to server:
fetch('https://example.url/sync/', { credentials: 'include' })
  .then(res => { /* ... */ });
Thanks in advance.
Upvotes: 4
Views: 1277
Reputation: 151
After hours spent figuring out an answer, I've found out what the issue is. Posting so that others may see.
Firstly, there was definitely an http/https issue. I had to implement the following middleware in my Express server to ensure that my requests to Google auth were being sent securely via https.
app.enable('trust proxy')
Secondly, Chrome browser had set a cookie but was not sending it back to the server because of missing security settings for the cookies. This was required as of February 2020. The following options resolved this issue:
app.use(expressSession({
  // .. other settings ..
  cookie: {
    sameSite: 'none',
    secure: true
  }
}));
The requirement is outlined here: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Hope this helps anyone stuck on this problem.
Upvotes: 8
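The two fixes in the answer above interact: express-session will not issue a cookie marked Secure on a request it considers insecure, and behind a TLS-terminating proxy Express only treats the request as secure when 'trust proxy' tells it to honour X-Forwarded-Proto; separately, Chrome only sends a cookie on a cross-site fetch if it carries both SameSite=None and Secure. The following is an added example, not code from the question or the answer, that models both rules with Node built-ins only (no Express), so it runs offline. The request objects, the host `api.example.url` and the session id `example-session-id` are constructed stand-ins; `connect.sid` is express-session's default cookie name.

```javascript
'use strict';
// Added example (not from the original question or answer): a dependency-free
// model of the two fixes in the accepted answer.
//
// 1. Express's 'trust proxy' makes req.secure true when a TLS-terminating
//    proxy sets X-Forwarded-Proto: https. express-session with
//    cookie.secure = true skips setting the cookie on a request it does not
//    consider secure, so without 'trust proxy' no session cookie is issued.
// 2. Chrome (since Feb 2020) sends a cookie cross-site only if it carries
//    SameSite=None AND Secure; SameSite=None without Secure is rejected when
//    set, and a cookie with no SameSite attribute is treated as Lax.

function firstForwardedProto(headers) {
  const raw = headers['x-forwarded-proto'];
  if (!raw) return undefined;
  // Proxies may append to an existing list; the leftmost entry is the
  // scheme the client actually used.
  return String(raw).split(',')[0].trim().toLowerCase();
}

// Mirrors how Express derives req.secure: true on a TLS socket, or, when
// 'trust proxy' is enabled, when the proxy reports X-Forwarded-Proto: https.
function requestIsSecure(req, trustProxy) {
  if (req.socket && req.socket.encrypted) return true;
  return trustProxy === true && firstForwardedProto(req.headers) === 'https';
}

// Builds a Set-Cookie header value for the session id.
function buildSessionCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly'];
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) {
    const v = String(opts.sameSite);
    parts.push(`SameSite=${v.charAt(0).toUpperCase()}${v.slice(1).toLowerCase()}`);
  }
  return parts.join('; ');
}

// Decides whether the session middleware would issue a cookie for this
// request, following express-session's rule that a Secure cookie is not
// sent over a connection the app does not consider secure.
function issueSessionCookie(req, { trustProxy, cookie }) {
  if (cookie.secure && !requestIsSecure(req, trustProxy)) {
    return null; // cookie silently skipped: the symptom described in the question
  }
  return buildSessionCookie('connect.sid', 'example-session-id', cookie);
}

// Parses a Set-Cookie value and applies Chrome's cross-site rules.
function chromeSendsCrossSite(setCookie) {
  const attrs = setCookie.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const secure = attrs.includes('secure');
  const sameSiteAttr = attrs.find((a) => a.startsWith('samesite='));
  const sameSite = sameSiteAttr ? sameSiteAttr.split('=')[1] : 'lax'; // Chrome default
  if (sameSite === 'none' && !secure) {
    return { sent: false, reason: 'SameSite=None requires Secure; cookie rejected' };
  }
  if (sameSite !== 'none') {
    return { sent: false, reason: `SameSite=${sameSite} is not sent on a cross-site fetch` };
  }
  return { sent: true, reason: 'SameSite=None; Secure' };
}

// Constructed request as seen by an app behind a TLS-terminating proxy
// (e.g. a PaaS load balancer): the socket itself is plain HTTP.
const behindProxyReq = {
  headers: { host: 'api.example.url', 'x-forwarded-proto': 'https' },
  socket: { encrypted: false },
};

const crossSiteCookie = { secure: true, sameSite: 'none' };

// Same deployment, with and without app.enable('trust proxy').
function demo() {
  return {
    withoutTrustProxy: issueSessionCookie(behindProxyReq, { trustProxy: false, cookie: crossSiteCookie }),
    withTrustProxy: issueSessionCookie(behindProxyReq, { trustProxy: true, cookie: crossSiteCookie }),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const result = demo();
  console.log('without trust proxy:', result.withoutTrustProxy);
  console.log('with trust proxy:   ', result.withTrustProxy);
  console.log('Chrome cross-site:  ', chromeSendsCrossSite(result.withTrustProxy));
}
```

Run it with `node` and the first line prints `null`: the Secure cookie is never set because the plain-HTTP socket behind the proxy is not considered secure. With 'trust proxy' the cookie is issued with `Secure; SameSite=None`, which is the only combination Chrome will attach to a cross-site `fetch` with `credentials: 'include'`. Note that local testing over `http://localhost` hides the first problem entirely, since there is no proxy in front of the app.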