Open Manubi opened 6 years ago
Did you define an authorization token in the header of your request? Write more about the strategies that you're using in the project, and share the code if possible.
No, I didn't. I thought I don't need to do anything in the front-end when we are using session-based authentication because the browser is saving the cookies and handling the session_id. Am I wrong?
Sometimes, depending on the configuration, you must set the token. In a project using Nuxt.js I have to set the bearer token in the header property of axios. Check the login response for a token or a cookie referring to this. If you find a token, just try to send it like this:
    {
      headers: {
        Authorization: 'JWT Token Example'
      }
    }
@lucasfontesgaspareto that's the case when you use JWT authentication. We are trying to use Sessions which should be no work at all in the Front-End as far as I know.
Any other suggestions how to debug the problem?
Hm, I guess that Passport doesn't give you session-based authentication when you use the local strategy.
@Manubi You might have to set 'withCredentials' to true on your request. Newer specifications of fetch default to persisting cookies, but older versions force you to set 'withCredentials' to true. Otherwise when a cookie is sent to your browser on the response of a request, it will just ignore it.
I had the same issue recently; adding credentials: "include" inside the fetch works for me, in case someone sees this these days.
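The rules behind the two suggestions above, as an added example that is not part of the original thread: a cross-origin request only carries the session cookie when the client opts in, and the server's CORS headers must then name the exact origin and allow credentials. The function name `diagnoseSessionRequest` and the origins are hypothetical; it covers only these CORS rules, not cookie attributes.

```javascript
// Added example (not from the thread). Models the browser's CORS rules for a
// cross-origin request that relies on a session cookie.
function diagnoseSessionRequest({ pageOrigin, apiOrigin, credentials = "same-origin", responseHeaders = {} }) {
  const problems = [];
  if (pageOrigin === apiOrigin) return problems; // same origin: default mode already carries cookies

  // Header names are case-insensitive; values are compared exactly.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }

  if (credentials !== "include") {
    // fetch defaults to "same-origin": no Cookie header goes out and any
    // Set-Cookie on the cross-origin response is ignored.
    problems.push({ code: "CREDENTIALS_NOT_INCLUDED",
      hint: 'use fetch(url, { credentials: "include" }) or withCredentials: true for XHR/axios' });
    return problems;
  }

  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === "*") {
    problems.push({ code: "WILDCARD_ORIGIN_WITH_CREDENTIALS",
      hint: `browsers reject "*" for credentialed requests; send exactly "${pageOrigin}"` });
  } else if (allowOrigin !== pageOrigin) {
    problems.push({ code: "ORIGIN_NOT_ALLOWED",
      hint: `Access-Control-Allow-Origin must equal "${pageOrigin}"` });
  }
  if (headers["access-control-allow-credentials"] !== "true") {
    problems.push({ code: "ALLOW_CREDENTIALS_MISSING",
      hint: "server must send Access-Control-Allow-Credentials: true" });
  }
  return problems;
}

// Constructed sample: separate front-end and API origins, "allow every URL" CORS.
const sample = {
  pageOrigin: "https://app.example.test",
  apiOrigin: "https://api.example.test",
  credentials: "include",
  responseHeaders: { "Access-Control-Allow-Origin": "*" },
};
console.log(diagnoseSessionRequest(sample).map((p) => p.code));
```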
Hi, over the last week I tried to make our react/passportjs authentication (with sessions) work.
The thing is I can successfully log in with password and email and I get the "200" status back. And I thought this means my browser saves the cookie with the sessionID. But when I have a look at the www.pomfrit.tech cookie my cookie is empty.
After the successful login I am redirecting the user to the /userpage route and want to fetch the userDataTable. But I can't fetch the user data for the table because I get the error message 403 - as seen in the picture below.
The back-end and the front-end are not on the same server. But CORS is set to allow every URL anyway.
Any suggestions what I can try?
Would really appreciate any help, as I already tried a lot of things...