I’m using Next JS as a client.
Using the js-cookie library I am setting a cookie called FarmId: Cookies.set(‘FarmId’, farmId)
In my axios.create I am already setting the withCredentials property to true:
const axiosClient = axios.create({
withCredentials: true,
baseURL: apiUrl,
headers: {
Authorization: 'Bearer ' + token,
},
})
However, my problem is that when I make the request to the API, the Cookie is not being sent
const response = await api.get<IFarm[]>('/api/Farms')
(https://phpout.com/wp-content/uploads/2023/12/ekra6.png)
Through Postman, it is sending normally, I also tested it by creating a NodeJS application and it worked normally too.
I’m trying to figure out how to send the cookies to the API and hope to find a solution that will help me resolve this issue
2
Answers
When working with cookies and Next.js, there are a few things to consider to ensure that cookies are sent correctly with your requests:
Credentials in CORS (Cross-Origin Resource Sharing):
If your API is hosted on a different domain from your Next.js application, you need to ensure that the server allows credentials (including cookies) from your domain. This is a CORS-related issue.
On the server (where your API is hosted), make sure that the CORS middleware is configured to allow credentials. In your API server code, you might have something like:
Replace
'http://your-nextjs-app.com'with the actual origin of your Next.js application.Set Cookies with
SameSite=NoneandSecure(for cross-site cookies):If your API and Next.js application are on different domains, and you are dealing with cross-site cookies, you need to set the
SameSite=Noneattribute and useSecureif your application is served over HTTPS.This ensures that the cookie is sent with cross-site requests.
Verify Axios Configuration:
Double-check your Axios configuration to ensure that
withCredentials: trueis set globally for your Axios instance.Make sure that this instance is used consistently throughout your application.
Test Locally and Check Network Tab:
Test your application locally and check the network tab in your browser’s developer tools. Look at the request headers and see if the
Cookieheader is present and contains the expected values.Also, check the response headers to see if the server is setting any cookies.
This can help you identify whether the issue is on the client side or the server side.
Ensure Secure and HTTPOnly Cookies:
Check if the cookies are set with the
SecureandHttpOnlyflags. This is especially important for session cookies.By addressing these points and ensuring that your server allows credentials and your cookies are set appropriately, you should be able to send cookies successfully from your Next.js application to your API. If the issue persists, further debugging with the network tab and checking the server logs might provide additional insights.
Additional be careful in nextjs server-side and client-side cookies set is diffrence:
In Next.js, cookies can be set in both server-side components and client-side components, but there are differences in how you handle cookies on the server side compared to the client side.
Server-Side Components (Pages in the
pages/apidirectory):In server-side components, such as those in the
pages/apidirectory, you can set cookies using thesetHeadermethod of the response object. Here’s an example:Make sure to adjust the
farmIdand cookie attributes based on your requirements.Client-Side Components:
In client-side components, you can use client-side libraries like
js-cookieor the nativedocument.cookieAPI to set cookies. Here’s an example usingjs-cookie:Again, adjust the
farmIdand cookie attributes based on your requirements.Important Considerations:
Security Considerations:
HttpOnlyflag for increased security.SameSite and Secure Flags:
SameSite=Noneand useSecureif your application is served over HTTPS.Handling on the Client Side:
Consistency:
By following these considerations, you can set and manage cookies effectively in both server-side and client-side components in your Next.js application.