JWT Cookie not being set on HTTPS server

Hey all.

For a school project, my team and I have run into a problem regarding JWT and setting the cookie on a deployed version of our code.

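// router, db, bcrypt, jwt and jwtSecret are defined elsewhere in the project.
router.post("/api/auth/login", async (req, res) => {
    const user = req.body
    const findUserByEmail = await db.users.find({email: user.email}).toArray()
    try {
        // Throws (and falls through to the 401 below) when no user matches the email
        const hashedPassword = findUserByEmail[0].password
        if (await bcrypt.compare(user.password, hashedPassword)) {
            // Keep the password hash out of the token payload
            delete findUserByEmail[0].password
            const accessToken = jwt.sign(findUserByEmail[0], jwtSecret, {expiresIn: "120m"});
            res.cookie('jwt', accessToken, {httpOnly: true, secure: true, sameSite: "strict"});
            res.status(200).send({data: "Success"})
        } else {
            // Wrong password: answer the request instead of leaving it hanging
            res.status(401).send({message: "login failed."})
        }
    } catch (error) {
        res.status(401).send({message: `login failed. \nError: ${error.message}`})
    }
})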

We have the above code to set a cookie on the response, with a signed JWT. It all works running locally: our server, running on localhost, sends the response with the given signed JWT cookie, and our frontend application, running SvelteKit, reads the cookie. No issue.

However, we have deployed our code to Render.com, and from what I can see the server sends a “Set-Cookie: jwt=zyx…” header. However, the cookie does not get set.

My theory is that it might have something to do with the fact that our server now runs on https, rather than http? Might this have some effect? Otherwise I’m lost for ideas and solutions.

Thank you in advance.
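
An added example, not part of the original post or the posters' project: a simplified JavaScript model of how a browser decides whether to store a cookie carrying the attributes used in the login route above. It assumes the frontend and the API run as two separate services on onrender.com subdomains (hostnames constructed) and that the frontend calls the API with fetch(); `PUBLIC_SUFFIXES`, `siteOf` and `cookieStored` are hypothetical names.

```javascript
// Simplified model of whether a browser stores a Set-Cookie from a fetch() response.
// Not modelled: CORS response headers, cookie prefixes, third-party cookie blocking.

// Constructed one-entry sample of the Public Suffix List (full list: publicsuffix.org).
// A listed suffix makes every subdomain beneath it its own "site".
const PUBLIC_SUFFIXES = ["onrender.com"];

// Site = scheme + registrable domain; the port is not part of it.
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  const suffix = PUBLIC_SUFFIXES.find((s) => hostname.endsWith("." + s));
  const keep = suffix ? suffix.split(".").length + 1 : Math.min(2, labels.length);
  return `${protocol}//${labels.slice(-keep).join(".")}`;
}

function cookieStored({ pageUrl, apiUrl, credentials = "same-origin", cookie }) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl);
  const sameOrigin = page.origin === api.origin;
  const sameSite = siteOf(pageUrl) === siteOf(apiUrl);
  // Assumption: http://localhost counts as a secure context (Chrome and Firefox behaviour).
  const secureContext = api.protocol === "https:" || api.hostname === "localhost";
  const mode = (cookie.sameSite || "lax").toLowerCase();

  if (credentials === "omit" || (!sameOrigin && credentials !== "include")) {
    return { stored: false, reason: "fetch credentials mode ignores Set-Cookie" };
  }
  if (cookie.secure && !secureContext) {
    return { stored: false, reason: "Secure cookie sent over plain HTTP" };
  }
  if (mode === "none" && !cookie.secure) {
    return { stored: false, reason: "SameSite=None requires Secure" };
  }
  if (!sameSite && mode !== "none") {
    return { stored: false, reason: `SameSite=${mode} cookie on a cross-site response` };
  }
  return { stored: true, reason: "accepted" };
}

// Cookie options from the login route in the post.
const posted = { httpOnly: true, secure: true, sameSite: "strict" };
// Constructed hostnames: local dev servers, then two separate Render services.
const local = { pageUrl: "http://localhost:5173", apiUrl: "http://localhost:8080", credentials: "include" };
const deployed = { pageUrl: "https://example-app.onrender.com", apiUrl: "https://example-api.onrender.com", credentials: "include" };

console.log(cookieStored({ ...local, cookie: posted }));
console.log(cookieStored({ ...deployed, cookie: posted }));
console.log(cookieStored({ ...deployed, cookie: { ...posted, sameSite: "none" } }));
```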

Hello MaltheGram
Did you manage to solve this issue? I have the same problem and cannot find the solution.
If you can share any tips.
thanks
