The browser does not store the cookies session

[danielmalaton]

Context:

• My frontend app is running on http://localhost:8080
• My backend app (Rails) is running on http://localhost:3000. This is an API app

• Setting cors like below:

  Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
  origins 'http://localhost:8080'
  
  resource '*',
           headers: :any,
           methods: %i[get post put patch delete options],
           credentials: true,
           expose: ['Set-Cookie']
  end
  end

• Setting session store like below:

  Rails.application.config.session_store :cookie_store, key: '_my_app_session', domain: :all, same_site: :none, secure: Rails.env.production?

• I'm sending a POST request withCredentials true that assign value to the session e.g. session[:user_id] = user.id

Current behavior: The response header contains the Set-Cookie:

set-cookie: _my_app_session=<value>; path=/; httponly; samesite=none

But the browser does not store it in the Storage cookies

Expected behavior: The browser stores it in the Storage cookies