Lost cookies in proxy redirect to remote API

Hi there,

I’m running into the same issue as @spondbob has discussed in this convo:(Lost cookies in proxy redirect). Wasn’t sure whether starting a new thing or jumping on his conversation was the best course. So I flipped a coin.

Lay of the Land

Backend is sitting on Heroku.
Both the UI and API have the same domain, but a different subdomain. The Netlify toml file seems to be working as expected, and the requests to the API endpoints seem to work. The app name is “thepackrat-alpha”. Auth is being handled through passport JS, using Facebook SSO.

The Problem
The cookie doesn’t seem to want to set. It’s HTML only, or at least it should be. Below is the x-nf-request-id’ header used in the page load that follows an oAuth redirect.

a2405632-1a20-4b09-80c7-52b6fe8aec61-76351653

And the following is the x-nf-request-id header for the subsequent API request:

a2405632-1a20-4b09-80c7-52b6fe8aec61-76351949

For the redirect call that actually sets the cookie, I was not able to track this header down; I don’t think it exists.


I’m starting this new topic as the two ones I found through Google and these boards seemed to have petered off without a solution.

Thanks in advance!

Okay. I let this stew for a day, then I came to the conclusion this is not a netlify thing.

It’s a Cookie Domain thing.

If you’re running into this, then open up your cookie tab in your chrome devtools. Look for the domain of the cookie that was set in the callback request, or wherever your cookie was set. You’ll see a domain like this:

image

You want to make sure it’s set for your domain. Not the domain with the subdomain things are being forwarded to. That’s it.

This app is now working as far as auth goes. Now to the challenge of adding features.

1 Like