Closed TheoA816 closed 1 year ago
Hey @TheoA816! 👋🏻
Cookies are not cross-domain. Your frontend and backend must be on the same (sub-)domain to work.
Also, you must use SameSite with LAX.
And lastly, I am not sure about the onrender.com cookie policy, but maybe you will have more chances with a custom domain.
Had to do with my FE and BE not being on the same domain. Accessed the backend through a proxy and everything worked fine. Thanks for the comment!
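A simplified model of the cookie behaviour discussed in the comments above, as an added example that is not code from this thread or from AdonisJS. It assumes a small constructed suffix set in place of the real Public Suffix List, and all hostnames are made up.

```javascript
// Added example: simplified model of when a browser attaches a session cookie.
// Assumption: CONSTRUCTED_SUFFIXES stands in for the real Public Suffix List,
// and every hostname is made up ("hosting.test" plays a shared-hosting suffix).
const CONSTRUCTED_SUFFIXES = new Set(['test', 'hosting.test']);

// "Site" = longest matching public suffix plus one more label; ports are ignored.
function siteOf(url) {
  const labels = new URL(url).hostname.split('.');
  for (let i = 0; i < labels.length; i++) {
    if (CONSTRUCTED_SUFFIXES.has(labels.slice(i).join('.'))) {
      return labels.slice(Math.max(i - 1, 0)).join('.');
    }
  }
  return labels.join('.'); // no known suffix (localhost): the host is the site
}

// cookie: { sameSite: 'strict' | 'lax' | 'none', secure: boolean }
// request: { pageUrl, targetUrl, method, topLevelNavigation }
function cookieIsSent(cookie, request) {
  // Browsers reject SameSite=None cookies that are not also Secure.
  if (cookie.sameSite === 'none') return cookie.secure;
  if (siteOf(request.pageUrl) === siteOf(request.targetUrl)) return true;
  // Cross-site: Lax cookies travel only on top-level navigations with a safe method.
  return cookie.sameSite === 'lax' && request.topLevelNavigation && request.method === 'GET';
}

// A fetch()/XHR call from the frontend page to the backend, as in the thread.
function apiCall(pageUrl, targetUrl, cookie = { sameSite: 'lax', secure: true }) {
  return cookieIsSent(cookie, { pageUrl, targetUrl, method: 'GET', topLevelNavigation: false });
}

function scenarios() {
  const devCookie = { sameSite: 'lax', secure: false };
  return {
    // Different ports on localhost are still the same site.
    localhostDev: apiCall('http://localhost:3000/', 'http://localhost:3333/me', devCookie),
    // Two apps under a shared-hosting suffix are different sites.
    separateHostedApps: apiCall('https://fe.hosting.test/', 'https://be.hosting.test/me'),
    // Backend reached through a proxy on the frontend's own host.
    behindFrontendProxy: apiCall('https://fe.hosting.test/', 'https://fe.hosting.test/api/me'),
    // Subdomains of one custom domain share a site.
    customDomainSubdomains: apiCall('https://app.shop.test/', 'https://api.shop.test/me'),
  };
}

console.log(scenarios());
```

The model covers only the SameSite decision; cookie Domain/Path scoping and the CORS credentials settings a cross-origin call also needs are left out.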
I am using google oauth and auth web guard for my login. Below is the end of my login function, after checking the google login.
await auth.use('web').login(user);
return response.redirect(`${Env.get('FRONTEND_DOMAIN')}`);
In localhost everything works fine, auth user gets initialised and on subsequent route calls the user is still logged in. However, after deploying (using render.com), I find auth.user is initialised and saved before the return above. But after redirecting to the frontend, subsequent backend calls show that auth is not initialised. I changed nothing besides the localhost -> production links.
The biggest difference I see is that in localhost the adonis-session cookie is passed along with the request, but not in production.
I've tried changing config/session.ts (sameSite: false, explicit domain name etc.) but nothing works.
I assume the problem has to do with some cookie and domain name related issue, but I'm clueless and have gone a whole day on this to no avail. Any help is appreciated.
Just for some extra info my login flow is
and my google config is as