Can't get Cookies from external api , server side
Unanswered
Rex posted this in #help-forum
RexOP
Hello guys,
Ive been struggling on how to read the cookies my laravel api send to my frontend.
Ive tried everything, cookies are set the correct way, i even made everything in the same domain, https, dockers etc.
Its seems that nextjs cant read the cookies i sent in the response.
The only way to make it work is to set the cookies in the json response and store in the browser, but i dont want to do that nor local storage.
What am i missing ? Why the middleware and/or server actions cant read the cookies ?
Ive been struggling on how to read the cookies my laravel api send to my frontend.
Ive tried everything, cookies are set the correct way, i even made everything in the same domain, https, dockers etc.
Its seems that nextjs cant read the cookies i sent in the response.
The only way to make it work is to set the cookies in the json response and store in the browser, but i dont want to do that nor local storage.
What am i missing ? Why the middleware and/or server actions cant read the cookies ?
67 Replies
have you made sure that the Path flag of the cookie is correct?
RexOP
Yeah man
The issue isnt with the cookie
Is either nextjs or the browser
Filled the code with logs
Nextjs cant procces it or read it
its weird because I set cookies on the client and its still able being read by Next.js's
await cookiesRexOP
Unless i store it client side
Yeah
"Ive been struggling on how to read the cookies my laravel api send to my frontend."
how do you send your cookie?
how do you send your cookie?
RexOP
But the thing is i dont wnt to store it client side
I dont want to see it in the browser
have you checked that the laravel cookie still exists in the DevTool?
RexOP
Thats the thing
If you dont do it client side
You wont bee seeing there
Yhe browser automaticalyy
Send it with eachr equest
its a securit measure
if you can't see the laravel cookie in devtool, that means your laravel server failed to set the cookie to the front-end.
RexOP
devtool you mean inspect, storage , cookies
yeah
does the laravel cookie appear there?
RexOP
It appears after a 200 response and i explcity set the cookies there
But i dont want to do that
secure cookies are still visible in the devtool
you can't avoid that
RexOP
i believe you can
If is it on the server
The browser sends it
With each request
no ?
Yes they do
but they are still visible in the Devtools > Application > Storage > Cookies
even with
Secure and HttpOnly flags.So let me ask you first: Is the laravel cookie visible in Devtools?
RexOP
yes
But brother
The backend code stays the same
If i set the cookies in my front end
They appear in dev tools
And everything works
But i dont want to expose them
On the client side
you can't avoid that
brother
RexOP
U sure ?
cookies whether set on client or server, will always be visible in Devtool.
RexOP
oh
you just hide it from application javascript
RexOP
Ahhhh
it just protects malicious actors that take control of your site to get the cookie
RexOP
So even appearing there
but it doesn't protect stupid user for copy pasting the cookie from Devtool
RexOP
Stays secure
the idea is that even if your site is embedded inside an iframe of malicioussite.com,
malicioussite.com CANNOT get access to the cookie
malicioussite.com CANNOT get access to the cookie
and if somehow your site get <script> injected by malicious code,
that <script> CANNOT get access to the cookie
that <script> CANNOT get access to the cookie
but it doesn't protect against a stupid user that follow hacker's direction to open devtool and copy-paste the cookie,
thats why most large companies still have another defense line beside the cookie jwt such as storing session in the DB
theres also CSRF prevention to make sure that actions comes from your own site and not via <script> or <iframe>
but its fine for smaller, non-critical projects to use cookie as session management
thats why Safari has Devtool disabled by default
RexOP
Got it
Thanks man
Appreciate your time
your welcome!