Issue with Cookies Not Being Sent in React-NestJS Application
Unanswered
i_mkait posted this in #help-forum
i_mkaitOP
I'm working on a fullstack application with React on the frontend and NestJS on the backend. For authentication, I’m using cookies to store the access and refresh tokens. Here's how the flow works:
Upon login, the backend authenticates the user and generates access and refresh tokens, setting them in HTTPOnly cookies. The client receives a "Successfully Logged In" message.
For subsequent requests, the client should send these cookies back to the server, where the backend verifies the access token and processes the request.
The Problem:
When the user logs in, the cookies are successfully set by the server (I can see them in the response headers in the Network tab in DevTools).
However, on subsequent requests, the client isn't sending the cookies to the server.
Details:
If I send the same requests via Postman, everything works as expected, meaning the backend logic is fine.
The issue seems to be on the frontend, but I can’t figure out why the cookies aren’t being sent with requests.
Here’s some relevant code/configuration:
Backend Cookie Settings:
cookieoption: { httpOnly: true, secure: false, sameSite: "none", maxAge: 60 * 60 * 1000, // 1 hour}
CORS Configuration:
app.enableCors({
origin: "http://localhost:5173",
credentials: true,
});
Frontend Axios:
await axios({
url:
method: "patch",
headers: {
'Content-Type': 'application/json'
},
data: {
id: userId, options: data,
},
withCredentials: true, // to send cookies
});
Any ideas on why the cookies aren’t being sent from the frontend?
Upon login, the backend authenticates the user and generates access and refresh tokens, setting them in HTTPOnly cookies. The client receives a "Successfully Logged In" message.
For subsequent requests, the client should send these cookies back to the server, where the backend verifies the access token and processes the request.
The Problem:
When the user logs in, the cookies are successfully set by the server (I can see them in the response headers in the Network tab in DevTools).
However, on subsequent requests, the client isn't sending the cookies to the server.
Details:
If I send the same requests via Postman, everything works as expected, meaning the backend logic is fine.
The issue seems to be on the frontend, but I can’t figure out why the cookies aren’t being sent with requests.
Here’s some relevant code/configuration:
Backend Cookie Settings:
cookieoption: { httpOnly: true, secure: false, sameSite: "none", maxAge: 60 * 60 * 1000, // 1 hour}
CORS Configuration:
app.enableCors({
origin: "http://localhost:5173",
credentials: true,
});
Frontend Axios:
await axios({
url:
http://localhost:3000/api/users/${userId}
,method: "patch",
headers: {
'Content-Type': 'application/json'
},
data: {
id: userId, options: data,
},
withCredentials: true, // to send cookies
});
Any ideas on why the cookies aren’t being sent from the frontend?
7 Replies
check if the cookie is set after login
i_mkaitOP
I've checked it. After login, the response header have the access token in cookies. But cookies are not getting passed with subsequent request.
so basically u sure your cookie is defined on the client
when does the second request happen? where u expect your http cookie
i_mkaitOP
So basically, when the user logs in, the server generates access token and refresh token, and set those in the httpOnly cookies. These tokens are present in the response header of login request.
Now, every subsequent request, ideally should contain those cookies, but it's not.
Now, every subsequent request, ideally should contain those cookies, but it's not.
i_mkaitOP
This is response header when user login is successful. Here Response Header contains the jwt in cookies.
This is the next request after login. And here request donot contains any cookies.