CuriousCI

04/29/2022, 1:18 PM
Do *cookies* work if, for example, the backend is on http and the website also uses http and not https?

rp

04/29/2022, 1:19 PM
Yes. It does

CuriousCI

04/29/2022, 1:19 PM
Strange... then there must be something wrong with my configuration...

rp

04/29/2022, 1:20 PM
Yup.. you can enable debug logging and see the output. May help

CuriousCI

04/29/2022, 1:20 PM
I'll try, thanks
So, the problem is that the browser doesn't actually store and send the cookies (all the requests work fine)

rp

04/29/2022, 1:59 PM
Have you enabled cookieSecure on the backend session.init config?
Can you enable debug logging and show me the output?

CuriousCI

04/29/2022, 2:13 PM
In the log image you can see that: 1) I successfully logged in 2) I tried a session refresh and it didn't work. To prove that the session was created, I took a picture of all the sessions created in the DB
I tried various configurations for the session, this is the one I used for the example: localhost:3000 is the website, localhost:8000 is the api
session.init(
            # cookie_secure=False,
            cookie_same_site='none',
            cookie_domain='http://localhost:3000',
            cookie_secure=False,

        ),  # initializes session features
I think it's a problem of Chromium browsers, but I'm not sure
This is the /session/refresh request

rp

04/29/2022, 2:19 PM
Ok so you should remove all the custom config values from session.init
It figures out the right values automatically
And then try
Cause the settings you have, the browser won't save the cookies cause for sameSite none to work, you need to use https on the apiDomain
So when using http, you should make sure your websiteDomain and apiDomain are both on localhost
With different ports

CuriousCI

04/29/2022, 2:40 PM
Same problem...
With default values

rp

04/29/2022, 2:41 PM
Are you using axios on the frontend?

CuriousCI

04/29/2022, 2:41 PM
The signin too
Nope, fetch

rp

04/29/2022, 2:42 PM
Have you done supertokens.init on the frontend? And made sure that it is happening before the fetch call?

CuriousCI

04/29/2022, 2:43 PM
I did it in the header, and I guess it is called before the fetch call, but I'm not sure

rp

04/29/2022, 2:43 PM
Can you make sure supertokens.init is called before?
You can go through the above checklist and see what might be wrong

CuriousCI

04/29/2022, 2:44 PM
Ok, I'll let you know what the problem is when I solve it
I solved it! 🤯 I reasoned about it, and basically, the problem was that the server was on 127.0.0.1:8000, and I opened the website on localhost:3000 (According to Chrome, 127.0.0.1 and localhost are completely different). As soon as I opened the website on 127.0.0.1 and changed the settings on the backend to accept 127.0.0.1:3000 not localhost:3000, it worked! 😀 These crazy CORS policies 😔

rp

04/29/2022, 3:36 PM
Awesome!!

CuriousCI

04/29/2022, 3:37 PM
I don't know if it should be added on this list https://github.com/supertokens/supertokens-website/issues/68

rp

04/29/2022, 3:38 PM
I'll add it 🙂 thanks
Or you can comment in it and add it 🙂
Added it as the last point in the list