Tokens not stored in session if cookie is set to be secure: false
franciscohanna92 opened this issue · 0 comments
franciscohanna92 commented
Tokens are not stored in session after successful login if the cookie for express-session is set to be secure: false. If I set it to true, then the cookies are not sent to the server because I'm on localhost and over HTTP.
Is this the expected behavior? Is the only solution to run it over HTTPS? I've tried to use self signed certificates for HTTPS, but Chrome says the site is insecure and the cookies are not sent.
Expected behavior
The tokens are stored in the session even if the cookie is set to be secure: false
Actual behavior
The tokens are not stored in the session (only the user id)
Steps to reproduce
- Set the cookie to be
secure: false - Trigger the OAuth flow
- After redirect to callback finishes, check the sesion stored on the database: No tokens found.
- Change the cookie to be
secure: true - Trigger the OAuth flow
- After redirect to callback finishes, check the sesion stored on the database: Tokens are present.
Environment
Ubuntu 20.04
Node v12.16.2
passport@0.4.1
passport-twitter@1.0.4