atinux / nuxt-auth-utils

Add Authentication to Nuxt applications with secured & sealed cookies sessions.
MIT License
974 stars, 91 forks

Session not persisting on Safari, works fine on Firefox and Chrome #136

Closed leszekkrol closed 2 months ago

leszekkrol commented 3 months ago

I’m using the following code to handle OAuth login via X with auth-utils. The session is successfully set and persists on Firefox and Chrome, but it doesn’t persist on Safari.

export default oauthXEventHandler({
    async onSuccess(event, { user }) {
        await setUserSession(event, {
            user: {
                twitterId: user.id,
                username: user.username,
                name: user.name,
                description: user.description,
                profileImage: user.profile_image_url,
            },
            loggedInAt: Date.now(),
        })
        return sendRedirect(event, '/')
    },
    onError(event, error) {
        console.error('Twitter OAuth error:', error)
        return sendRedirect(event, '/')
    }
})

Steps to Reproduce:

  1. Log in using X on Safari.
  2. Observe that the session is not persisted.
  3. Test the same on Firefox and Chrome, where the session works correctly.

Expected Behavior:

The session should persist across all browsers.

Actual Behavior:

The session does not persist on Safari.

Environment:

Additional Information:

This issue seems to be isolated to Safari. Any insights or fixes would be greatly appreciated!

atinux commented 3 months ago

Could you try to update the duration to be a week?

export default defineNuxtConfig({
  modules: ['nuxt-auth-utils'],
  runtimeConfig: {
    session: {
      maxAge: 60 * 60 * 24 * 7 // 1 week
    }
  }
})

leszekkrol commented 3 months ago

@atinux Yeah, I tried that, I have the exact same setup as you.

patrick-hofmann commented 3 months ago

> Could you try to update the duration to be a week?
>
> export default defineNuxtConfig({
>   modules: ['nuxt-auth-utils'],
>   runtimeConfig: {
>     session: {
>       maxAge: 60 * 60 * 24 * 7 // 1 week
>     }
>   }
> })

I can confirm that setting the maxAge of the session cookie fixes the Safari issue.

atinux commented 2 months ago

Can you confirm that it fixes it, @leszekkrol?

szana8 commented 2 months ago

Have the same issue. I set the max age session:

// https://nuxt.com/docs/api/configuration/nuxt-config
export default defineNuxtConfig({
    devtools: {
        enabled: false,
    },
    runtimeConfig: {
        public: {
            baseUrl: process.env.LARAVEL_BACKEND_URL,
        },
        baseUrl: process.env.LARAVEL_BACKEND_URL,
        clientId: process.env.LARAVEL_CLIENT_ID,
        clientSecret: process.env.LARAVEL_CLIENT_SECRET,
        session: {
            maxAge: 60 * 60 * 24 * 7, // 1 week
        },
    },
    css: ['~/assets/css/main.css'],
    modules: ['@nuxtjs/tailwindcss', 'nuxt-auth-utils'],
    typescript: {
        shim: false,
        tsConfig: {
            include: ['~/types/*.ts'],
        },
    },
})

But I cannot get anything back after I set the session data, and I cannot see anything under the cookies tab.

await setUserSession(event, {
    user: {
        name: 'John Doe',
    },
})

On Chrome it works fine and I see the Nuxt-session.

raggesilver commented 2 months ago

Could this be related to https://github.com/atinux/nuxt-auth-utils/issues/78? Safari doesn't persist secure cookies on localhost if you are not using https.

szana8 commented 2 months ago

Yea, it works now with https. Thanks.
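
Added example (not part of the thread and not nuxt-auth-utils code): a small checker that takes a `Set-Cookie` header and the page URL and reports whether a browser would store the cookie and whether it outlives the browser session, covering both the `Secure`-on-http-localhost cause and the `maxAge` suggestion discussed above. The function names, the `strictLocalhost` flag and the sample header are assumptions constructed for illustration; the browser rules are a simplified model.

```javascript
// Added example: sample header is constructed, browser rules are simplified.
const SAMPLE =
  'nuxt-session=sealed-value-placeholder; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Lax';

// Parse one Set-Cookie header into a name plus lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const item of rest) {
    if (!item) continue;
    const i = item.indexOf('=');
    const key = (i === -1 ? item : item.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1);
  }
  return { name: pair.slice(0, eq), attrs };
}

// strictLocalhost=true: http://localhost is not treated as secure (Safari, per the thread).
// strictLocalhost=false: loopback hosts count as secure (what Chrome/Firefox users saw).
function evaluateCookie(header, pageUrl, strictLocalhost) {
  const { name, attrs } = parseSetCookie(header);
  const url = new URL(pageUrl);
  const loopback = ['localhost', '127.0.0.1', '[::1]'].includes(url.hostname);
  const secureContext = url.protocol === 'https:' || (loopback && !strictLocalhost);
  return {
    name,
    // A Secure cookie is dropped when the page is not a secure context.
    stored: !(attrs.secure === true && !secureContext),
    // Without Max-Age or Expires the cookie ends with the browser session.
    persistent: 'max-age' in attrs || 'expires' in attrs,
  };
}

for (const [label, url, strict] of [
  ['strict, http ', 'http://localhost:3000/', true],
  ['lenient, http', 'http://localhost:3000/', false],
  ['strict, https', 'https://localhost:3000/', true],
]) {
  console.log(label, evaluateCookie(SAMPLE, url, strict));
}
```

Pasting the real `Set-Cookie` value from the network tab into `SAMPLE` shows which of the two causes applies before changing any configuration.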