Question about the cookie
cty945 opened this issue · 3 comments
This is actually not an issue but a question instead.
May I ask how/when the cookie got saved into the browser? I was looking for a line such as cookies.set() on the client side but could not find it, and the cookie was indeed set correctly somehow.
@cty945 so first of all, in cookie-based authentication the cookie should be set by the server side, not by the client side, since it's more secure and you can set an HTTP-only cookie that is not available for the client side to edit. So the server sets the cookie on the response, and if you send cookies on HTTP responses the client automatically stores them.
Secondly, regarding your question, if you check the code you can find a comment in routes/api.js:
// When using passport with callback, we have to manually call req.login to set the Cookie
req.login(user, async () => {
So what's happening is that passport has a built-in cookie.set method that's being called on req.login
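The behaviour described in the reply above, as an added example that is not part of the original thread or the project's code: a simplified model of a browser cookie store, showing that a cookie arriving in a Set-Cookie response header is stored without any client-side call, and that an HttpOnly cookie is sent on later requests but never appears in document.cookie. The cookie names and values are constructed, and `parseSetCookie` and `CookieJar` are hypothetical helpers.

```javascript
// Simplified model of a browser cookie store (no Domain/Path/expiry/SameSite handling).
// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: the header is ignored
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

class CookieJar {
  constructor() { this.cookies = new Map(); }
  // Runs inside the browser for every response; no page script is involved.
  storeFromResponse(headers) {
    for (const h of headers['set-cookie'] || []) {
      const c = parseSetCookie(h);
      if (c) this.cookies.set(c.name, c);
    }
  }
  serialize(keep) {
    return [...this.cookies.values()].filter(keep)
      .map((c) => `${c.name}=${c.value}`).join('; ');
  }
  // Cookie header the browser attaches to later requests to the server.
  requestHeader() { return this.serialize(() => true); }
  // What page script reads from document.cookie: HttpOnly cookies are hidden.
  documentCookie() { return this.serialize((c) => !c.attrs.httponly); }
}

// Constructed login response: an HttpOnly session cookie plus a script-readable one.
const loginResponse = { 'set-cookie': [
  'sid=example-session-id; Path=/; HttpOnly',
  'theme=dark; Path=/',
] };

function demo() {
  const jar = new CookieJar();
  jar.storeFromResponse(loginResponse);
  return { sent: jar.requestHeader(), visible: jar.documentCookie() };
}
console.log(demo());
```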
Thanks for the response! Yes, I understand that the cookie has been set by the server. But the problem I encountered is actually on the client side. "the client automatically stores them" is not happening on my end when I try to reproduce it. Yes, I did check the response in the Network tab, and the cookies are there, but the client is not automatically storing them for some reason, so when the code checks whether the user has logged in it returns false.
Hello again.
Do you mean that it's not working in the context of this project, or in general?
With regard to this project, I just checked and ran a local setup called "Bla" (node ./setup.js Bla) and tested the login in the browser, and the cookie is stored fine. See a screenshot here: https://i.imgur.com/Se2PwiS.png
Things for you to check:
- make sure you ran setup.js and have both the server and the client up and running (server must be connected to a mongodb instance)
- login via the default credentials from _insertDefaultUsers, or with the ones you set, if you changed them
- make sure you're not using incognito, although it shouldn't have anything to do with it. Nor should adblockers, as I'm using adblockers and it's working fine

If it's related to some other project I'm not sure I can help you much.