Question posted in 
I have particular knowledge of how does Set-Cookie header works or setting a session value in ExpressJS but for some reason I’ve stuck with this issue.
The issue is Set-Cookie header that was sent by the response header doesn’t actually do anything in the browser but when I tried to test it using postman it works as expected, the session cookie was populated.
The app have two parts, the backend and frontend and uses nginx for communicating the two services.
router.post(
`/api/users/signup`,
// ...more codes
req.session.jwt = userJwt;
console.log(req.session);
res.status(201).send(user);
}
);
I use cookie-session package for the expression session and I have the configured it below.
app.set('trust proxy', true);
app.use(json());
app.use(
cookieSession({
signed: false,
secure: process.env.NODE_ENV !== 'test',
sameSite: 'none',
})
);
app.use(function (req, res, next) {
res.header(
'Access-Control-Allow-Methods',
'GET,PUT,POST,DELETE,UPDATE,OPTIONS'
);
res.header(
'Access-Control-Allow-Headers',
'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Set-Cookie'
);
next();
});
I’m wondering why the header is not set after a request is made but on the other hand request made through postman successfully populated the said session.
Hopefully someone can help.
2
Answers
I figured out what causes this issue. I've setup a local custom domain for my app running on a nginx reverse proxy. The domain extension was
.testbut it does not work well with cookie secure flag to true, on the other hand.devworks perfectly.what are you using to make the request? I had several issues with axios and cookies and ended up using fetch.
try including the option {credentials: include} on the