• r

    rp

    2 years ago
    not yet
  • NewCastle252

    NewCastle252

    2 years ago
    I currently have this POC code:
    js
    const express = require('express');
    const supertokens = require('supertokens-node');
    
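    // Express application and the local port this proof of concept listens on.
    const app = express();
    const port = 3001;

    // Configure the SuperTokens SDK once, before any route uses it.
    supertokens.init({
        // Public demo core. Per the thread it needs no apiKey, so no key is
        // hard-coded in source here.
        hosts: 'https://try.supertokens.io',
        // Development only: false lets the session cookies travel over plain HTTP.
        // Set this to true wherever the app is served over HTTPS.
        // NOTE(review): the browser warning quoted in the thread ("samesite being
        // set on a non secure cookie") points at this flag combined with the SDK's
        // SameSite value; confirm which value the SDK version in use sends.
        cookieSecure: false,
        // A cookie Domain attribute is a host name only and never carries a port,
        // so 'localhost:3001' cannot match; the thread's advice is plain 'localhost'.
        // NOTE(review): confirm this option's spelling against the SDK's init docs.
        cookie_domain: 'localhost',
    });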
    
    //
    
    // Unauthenticated landing route; it only confirms the server is reachable.
    app.get('/', (req, res) => {
        res.send('Hello World!');
    });
    
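    /**
     * POC login: creates a session for a fixed user without checking credentials.
     *
     * Anyone who can reach this route receives a session for 'User1', so it must
     * sit behind real credential verification before leaving a local demo.
     * It also changes state on GET, which any cross-site link or embedded resource
     * can trigger; a real login endpoint should accept POST only.
     */
    app.get('/login', async (req, res, next) => {
        const userId = 'User1';
        // NOTE(review): presumably this payload is readable by the client; keep
        // secrets out of it and confirm against the SDK docs.
        const jwtPayload = { name: 'spooky action at a distance' };
        const sessionData = {
            awesomeThings: ['programming', 'javascript', 'supertokens'],
        };

        try {
            await supertokens.createNewSession(res, userId, jwtPayload, sessionData);
            res.send('logged in');
        } catch (err) {
            // Without this, a rejected promise never reaches the error handlers
            // registered below and the request is left hanging.
            next(err);
        }
    });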
    
    // Refresh endpoint: the session middleware runs first and the handler only
    // acknowledges the call.
    // NOTE(review): presumably the middleware performs the token rotation itself;
    // confirm against the SDK docs.
    const handleRefresh = (req, res) => {
        res.send('refresh done');
    };

    app.get('/refresh', supertokens.middleware(), handleRefresh);
    
    // Protected route: reads the user id from the session object that the
    // middleware attached to the request and echoes it back.
    app.get('/dashboard', supertokens.middleware(), (req, res) => {
        res.send(req.session.getUserId());
    });
    
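    /**
     * Logout: revokes the session attached to the request by the middleware.
     *
     * Registered with app.use, so it answers every HTTP method and every path
     * under /logout; restrict it to POST if that breadth is not intended.
     */
    app.use('/logout', supertokens.middleware(), async (req, res, next) => {
        try {
            await req.session.revokeSession();
            res.send('loggoed out');
        } catch (err) {
            // Report a failed revocation instead of leaving an unhandled rejection;
            // the client must not be told it is logged out when the session survives.
            next(err);
        }
    });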
    
    //
    
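    // Session error handling. Registered after the routes so that errors raised
    // by supertokens.middleware() reach these callbacks.
    // 440 is a non-standard status code; the client has to treat it as
    // "session no longer valid".
    app.use(
        supertokens.errorHandler({
            // No valid session: the user has to authenticate again.
            onUnauthorised: (err, req, res, next) => {
                // TODO: log err server-side, e.g. logging.logError(err)
                res.status(440).send('Please login again');
            },
            // The client is expected to call the refresh API and retry.
            onTryRefreshToken: (err, req, res, next) => {
                res.status(440).send('Call the refresh API');
            },
            // Token theft was detected for this session: revoke it before
            // answering, so a failed revocation is reported rather than lost
            // after the response has already gone out.
            // TODO: log sessionHandle and userId server-side for incident review.
            onTokenTheftDetected: async (sessionHandle, userId, req, res, next) => {
                try {
                    await supertokens.revokeSession(sessionHandle);
                } catch (err) {
                    next(err);
                    return;
                }
                res.status(440).send('You are being attacked');
            },
        }),
    );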
    
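    /**
     * Fallback error handler for anything the session error handler did not answer.
     *
     * The original called res.send(500), which sends a response straight away, so
     * the chained .send(err) then ran on a response that was already finished.
     * The status is now set with res.status(). The error object is logged on the
     * server and a generic body is returned, so stack traces and internal details
     * are not disclosed to the client.
     */
    app.use((err, req, res, next) => {
        if (res.headersSent) {
            // A response is already in flight; hand over to Express's default handler.
            return next(err);
        }

        console.error(err);
        res.status(500).send('Internal Server Error');
    });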
    
    // Start the HTTP server and print the local URL once it is accepting connections.
    app.listen(port, function onListening() {
        console.log(`listening at http://localhost:${port}`);
    });
    If I visit http://localhost:3001/login no cookies get set. What did I do wrong?
  • r

    rp

    2 years ago
    1) u don't need apiKey for try.supertokens.io 2) cookie_domain should only be localhost and then try again
  • NewCastle252

    NewCastle252

    2 years ago
    Nope, still doesn't work
  • r

    rp

    2 years ago
    in the response from that API, are you getting set-cookie headers?
  • NewCastle252

    NewCastle252

    2 years ago
    let me take a look
  • NewCastle252

    NewCastle252

    2 years ago
    Yes, but with a warning triangle, the warning says
  • NewCastle252

    NewCastle252

    2 years ago
    set cookie was blocked because of samesite being set on a non secure cookie
  • r

    rp

    2 years ago
    was blocked or will be blocked in future versions?
  • NewCastle252

    NewCastle252

    2 years ago
    message has been deleted