Hey all.
For a school project, my team and I have ran into a problem regarding JWT and setting the cookie on a deployed version of our code.
router.post("/api/auth/login", async (req, res) => {
const user = req.body
const findUserByEmail = await db.users.find({email: user.email}).toArray()
try {
const hashedPassword = findUserByEmail[0].password
if (await bcrypt.compare(user.password, hashedPassword)) {
delete findUserByEmail[0].password
const accessToken = jwt.sign(findUserByEmail[0], jwtSecret, {expiresIn: "120m"});
res.cookie('jwt', accessToken, {httpOnly: true, secure: true, sameSite: "strict"});
res.status(200).send({data: "Success"})
}
} catch (error) {
res.status(401).send({message: `login failed. \nError: ${error.message}`})
}
}
We have above code to set a cookie on the response, with a signed JWT. It all works running locally, our server, running on localhost sends the response with the given signed JWT cookie. And our frontend application, running Sveltekit, reads the cookie. No issue.
However, we have deployed our code to Render.com, and from what I can see the server sends a “Set-Cookie: jwt=zyx…” header. However the cookies does not get set.
My theory is that it might have something to do with the fact that our server now runs on https, rather than http? Might this have some effect? Otherwise i’m lost for ideas, and solutions.
Thank you in advance.