Login in PRODUCTION not working unless I remove sess.cookie.secure = true;

patarapolw · February 28, 2019, 4:31pm

I am deploying Node.js app on Heroku, and I can go to login screen, but after callback, it does not login.

Somehow, I can replicate it by setting NODE_ENV=production…

So, I comment out

    if (app.get("env") === "production") {
        // sess.cookie.secure = true; // serve secure cookies, requires https
    }

It now works, but it fear it might be insecure…

The code is here. https://github.com/patarapolw/zhlevel-ts/blob/2eefd0f705bbaea262fc0cc9ae2965afebcbc2aa/src/server.ts#L49

zulfiqar · March 5, 2019, 9:08am

Is your Heroku app configured to use HTTPS?
That line will issue a SECURE cookie which will only be sent back over HTTPs. It seems like you app may not be using HTTPs…

Topic		Replies	Views
Login in production not working Help auth0 , passport , nodejs	8	5243	January 14, 2023
Unable to verify authorization request state NodeJs + Heroku Help auth0 , api , heroku , login , node-auth0	2	3931	June 8, 2021
Callback does not work on production Help login-experience , new-universal-login-experience	0	166	May 21, 2024
Redirect URI is always HTTP - but only in production Help auth0 , login	4	2814	July 25, 2024
Callback URL Not Working In Heroku Help heroku , callback-urls , callbacks , deploy	5	9671	March 2, 2018

Login in PRODUCTION not working unless I remove sess.cookie.secure = true;

Related topics