Do *cookies * work if, for example, the backend is...
# support-questions-legacyc
CuriousCI
04/29/2022, 1:18 PMDo *cookies * work if, for example, the backend is on http and the website also uses http and not https?
r
rp_st
04/29/2022, 1:19 PMYes. It does
c
CuriousCI
04/29/2022, 1:19 PMStrange... then there must be something wrong with my configuration...
r
rp_st
04/29/2022, 1:20 PMYup.. you can enable debug logging and see the output. May help
c
CuriousCI
04/29/2022, 1:20 PMI'll try, thanks
CuriousCI
04/29/2022, 1:59 PMSo, the problem is that the browser doesn't actually store and send the cookies (all the request work fine)
r
rp_st
04/29/2022, 1:59 PMHave you enabled cookieSecure on the backend session.init config?
rp_st
04/29/2022, 1:59 PMCan you enable debug logging and show me the output?
c
CuriousCI
04/29/2022, 2:13 PMI the log image you can see that:
1) I successfully logged in
2) I tried a session refresh and it didn't work
To prove that the session was created, I took a picture of all the sessions created in the DB
CuriousCI
04/29/2022, 2:15 PMI tried various configurations for the session, this is the one I used for the example: localhost:3000 is the website, localhost:8000 is the api
Copy code
session.init(
# cookie_secure=False,
cookie_same_site='none',
cookie_domain='http://localhost:3000',
cookie_secure=False,
), # initializes session featuresCuriousCI
04/29/2022, 2:16 PMI think it's a problem of Chromium browsers, but I'm not sure
CuriousCI
04/29/2022, 2:18 PMThis is the /session/refresh request
r
rp_st
04/29/2022, 2:19 PMOk so you should remove all the custom config values from session.init
rp_st
04/29/2022, 2:19 PMIt figures out the right values automatically
rp_st
04/29/2022, 2:19 PMAnd then try
rp_st
04/29/2022, 2:20 PMCause the settings you have, the browser wonβt save the cookies cause for sameSite none to work, you need to use https on the apiDomain
rp_st
04/29/2022, 2:21 PMSo when using http, you should make sure your websiteDomain and apiDomain are both on localhost
rp_st
04/29/2022, 2:21 PMWith different ports
c
CuriousCI
04/29/2022, 2:40 PMSame problem...
CuriousCI
04/29/2022, 2:40 PMWith default values
r
rp_st
04/29/2022, 2:41 PMAre you using axios on the frontend?
c
CuriousCI
04/29/2022, 2:41 PMThe signin too
CuriousCI
04/29/2022, 2:42 PMNope, fetch
r
rp_st
04/29/2022, 2:42 PMHave you done supertoeks.init on the frontend? And made sure that it is happening before the fetch call?
c
CuriousCI
04/29/2022, 2:43 PMI did it in the header, and I guess it is called before the fetch call, but I'm not sure
r
rp_st
04/29/2022, 2:43 PMCan you make sure supertokens.init is called before?
rp_st
04/29/2022, 2:43 PMrp_st
04/29/2022, 2:43 PMYou can go through the above checklist and see what might be wrong
c
CuriousCI
04/29/2022, 2:44 PMOk, I'll let you know what the problem is when I solve it
CuriousCI
04/29/2022, 3:36 PMI solved it! π€―
I reasoned about it, and basically, the problem was that the server was on 127.0.0.1:8000, and I opened the website on localhost:3000 (According to Chrome, 127.0.0.1 and localhost are completely different).
As soon as I opened the website on 127.0.0.1 and changed the settings on the backend to accept 127.0.0.1:3000 not localhost:3000, it worked! π
These crazy CORS policies π
r
rp_st
04/29/2022, 3:36 PMAwesome!!
c
CuriousCI
04/29/2022, 3:37 PMI don't know if it should be added on this list https://github.com/supertokens/supertokens-website/issues/68
r
rp_st
04/29/2022, 3:38 PMIβll add it π thanks
rp_st
04/29/2022, 3:38 PMOr you can comment in it and add it π
rp_st
04/29/2022, 3:40 PMAdded it as the last point In the list