Hey, I realized the auth cookie isn't sent on mobi...
# support-questions-legacyi
idanh.
09/13/2022, 7:16 AMHey, I realized the auth cookie isn't sent on mobile browser (tested on ios Chrome & Safari) so I get
refreshSession: UNAUTHORISED because idRefreshToken from cookies is undefinedr
rp_st
09/13/2022, 7:19 AMhey! it should be working on mobile browsers. What are the apiDomain, websiteDomain and can you enable backend debug logs and show me all the output?
i
idanh.
09/13/2022, 7:30 AMapiDomain https://yooz-server.herokuapp.com
websiteDomain https://www.yoooz.io
and BE logs:
r
rp_st
09/13/2022, 7:31 AMCan you send the backend logs when the process starts?
i
idanh.
09/13/2022, 7:33 AMyou mean the authentication process starts? here it is
idanh.
09/13/2022, 7:34 AMit works from my desktop browser
r
rp_st
09/13/2022, 7:34 AMwhat is the value of cookie same site?
i
idanh.
09/13/2022, 7:37 AMnot familiar with it, is that a response header?
r
rp_st
09/13/2022, 7:37 AMso the logs you have sent previously are when the middleware is called
rp_st
09/13/2022, 7:37 AMi want to see the logs for when the process starts
rp_st
09/13/2022, 7:37 AMso i can see the cookie settings
i
idanh.
09/13/2022, 7:38 AMby process start you mean server initialized?
r
rp_st
09/13/2022, 7:40 AMyes
i
idanh.
09/13/2022, 7:42 AMr
rp_st
09/13/2022, 7:44 AMok so cookieSameSite is none, which is correct. This would not work on safari since safari doesn't allow third party cookies, but it should work on chrome
rp_st
09/13/2022, 7:45 AMthe best way to solve this would be to proxy requests to the api domain such that it shares a common domain with the frontend. For example you could do
https://api.yoooz.io/rp_st
09/13/2022, 7:46 AMThat being said, if you do not want to do that, then you can switch to using headers instead of cookies - we have an example app of how that can be done: https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-localstorage
i
idanh.
09/13/2022, 8:05 AMdo you mean that in order to make it work on Safari as well I should switch to using headers?
r
rp_st
09/13/2022, 8:05 AMyea. You could do that, or else use a proxy domain as the apiDomain instead of the heroku link (which is what i would do)
rp_st
09/13/2022, 8:06 AMso create a DNS entry like api.yoooz.io which points to the heroku domain, and then change apiDOmain oon frontend and backend to be api.yoooz.io. This should make cookies work properly everywhere
i
idanh.
09/13/2022, 8:08 AMi will try that approach then 🙂 thank you for helping out!!
idanh.
09/13/2022, 8:38 AMi know it's not related to Supertokens, but maybe you could help me out 😊 after adding the CNAME for api.yoooz.io i get ERR_CERT_COMMON_NAME_INVALID and don't understand why, since my certificate is for *.yoooz.io as well
r
rp_st
09/13/2022, 8:47 AMim not entirely sure myself. Sorry
7 Views