HTTP Cookie won't get set

TheFrontend

7 months ago

Can someone send me a screenshot of a successful login request that sets an http only cookie? Right now I'm receiving the cookie but it won't get set in the browser and I'm a bit stuck. 👀

@jmikrut I just found out that for cross-site requests the cookie needs to be set "secure": "true" and "same-site": "none". That solved my issue. Would be good to have this option within the payload config to avoid patching the dependency. 🙌

jmikrut
Payload Team
7 months ago
these two options are indeed configurable in the payload config already 👍

https://payloadcms.com/docs/authentication/config#options

check out the
cookies
option

you can set
sameSite
as well as
secure
right in the config, based on ENV vars or whatever you need 👍
TheFrontend
7 months ago
Haha, oh no! Guess I was blind 😅
Sandro Wegmann
7 months ago
I wanted to follow up on this real quick, because I've wasted countless hours on those cookie issues during my years in web dev.

If you are using axios or sth similar, you need to set withCredentials": true (or credentials: 'include' in node fetch ). NOT ONLY ON THE REQUEST USING THE AUTH COOKIE, BUT ALSO ON THE REQUEST WHERE YOU WANT TO RETRIEVE THE AUTH COOKIE (e.g. login request). Otherwise, you'll see the set-Cookie header in the response, but no cookie will be set
jmikrut
Payload Team
6 months ago
^^^^ 100%

Open the post

Continue the discussion in Discord

Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.