SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Do **cookies ** work if, for example, the backend is on **http** and the website also uses **http** and not ***https***?

Strange... then there must be something wrong with my configuration...

Yup.. you can enable debug logging and see the output. May help

So, the problem is that the browser doesn't actually store and send the cookies (all the request work fine)

Have you enabled cookieSecure on the backend session.init config?

Can you enable debug logging and show me the output?

I the log image you can see that:
1) I successfully logged in
2) I tried a session refresh and it didn't work

To prove that the session was created, I took a picture of all the sessions created in the DB

I tried various configurations for the session, this is the one I used for the example: localhost:3000 is the website, localhost:8000 is the api
```        
session.init(
            # cookie_secure=False,
            cookie_same_site='none',
            cookie_domain='http://localhost:3000',
            cookie_secure=False,

        ),  # initializes session features
```

I think it's a problem of Chromium browsers, but I'm not sure

Ok so you should remove all the custom config values from session.init

It figures out the right values automatically

Cause the settings you have, the browser won’t save the cookies cause for sameSite none to work, you need to use https on the apiDomain

So when using http, you should make sure your websiteDomain and apiDomain are both on localhost

Have you done supertoeks.init on the frontend? And made sure that it is happening before the fetch call?

I did it in the header, and I guess it is called before the fetch call, but I'm not sure

Can you make sure supertokens.init is called before?

https://github.com/supertokens/supertokens-website/issues/68

You can go through the above checklist and see what might be wrong

Ok, I'll let you know what the problem is when I solve it

**I solved it! 🤯**

I reasoned about it, and basically, the problem was that the server was on 127.0.0.1:8000, and I opened the website on localhost:3000 *(According to Chrome, 127.0.0.1 and localhost are completely different)*.

As soon as I opened the website on 127.0.0.1 and changed the settings on the backend to accept 127.0.0.1:3000 not localhost:3000, it worked! 😀

These crazy CORS policies 😔

I don't know if it should be added on this list https://github.com/supertokens/supertokens-website/issues/68