Expo authentication with session_id

Question

We are working with node.js on the backend with passport.js for authentication. On the frontend we have expo framework on top of react native.

We want to authenticate users via expo to this backend. We would like social media similair behaviour: so no need to relogin everytime you use the app.

We do not explicitly send the session_id on the node.js backend, it seems that passport.js handles this automatically by interacting with the browser.

The problem is we can not see the session_id when fetching in expo, not in the header, nor in the payload. We googled and found: How to access cookies with React Native Expo. But this is from couple years ago and we thought surely more people work with session_ids to authenticate, so there must be a solution to this. Why do we not see the cookie session_id? Are cookies handled before it reaches the fetch/react native? Also https://github.com/react-native-cookies/cookies CookieManager is not supported in expo.

Our idea now is that, if we can access the session_id: send login request with email and password, retrieve session_id from server, save the session_id and every new request include the session_id in the header. Is this a good approach? We are anxious that maybe sending a cookie manually via the header in fetch will clash with the overlying network manager system of ios/android?

Can someone points us in the right direction of how to use session_ids to authenticate users in expo on mobile.

Answer 1

We ended up implementing the authentication with session_id: We found out that only when users logs in (when not already logged in), the server sends a cookie with session_id in the response header. We get this cookie and save it in storage and in a state. For every subsequent get/post request to the server, we set this session_id as a cookie in the header. Up until now it seems like this cookie-setting overrides the default cookie of the upper-layer web-handling from the phone.