Invalid cookie

[gbruins-notours]

After a successful login, the next API request fails with a 401 Unauthorized error, with a message of "Invalid cookie"

{"statusCode":401,"error":"Unauthorized","message":"Invalid cookie","data":{}}

The cookie really does look invalid... there is a space because there is a double 'bv-session' value in the request header:

cookie: bv_session=Fe26.2**f2e3c8b8769a331c1f8fd38a1e152ea975fc0fd8a3d795d2a191c652d5385668*fAYPREpFzxKx_sfaEsRAzg*fb9PQkS-SbxH7880RMuyCex1zIlQvBb7hAnAG_LSuKCl7BnuqgjaJbQMLIcld9PC**f1fd7dc69d19bfbe863aba88d725ea0b6c8f7de74e354a5d26a76bff51b209ad*6yDgWpj_2Eyd5b40w3pPjLcs3oOUKSqNT3biV-d2Zlk; bv_session=Fe26.2**7884a5d86089f1d10854892d1f7b2c15966ed3f7c0e202c9e2241d435f09fa2a*D95jE3rcX4nrpgYfF2-Ulg*tcrjp_msO0sjG5pzJ4qJSst351P7y-NioP5qbPVYaDF_OzT6DLeNXeU2K2AdCpm0**635aeed5848ecb751ccb664ae7de1b72c080efa0ef5c9dae4f614c8625dfd67c*Nne-_nHCpJB1k9PpTOoJOVQhFqdrOhHoEUphpKg-NIo

Haven't found a solution yet as to why the UI is sending that.

Ironically, the only workaround I have is to change the "SESSION_COOKIE_DOMAIN" env variable on the server to the CLIENT domain: "breadvan.org", which isnt right (should be the server "breadvan.net") and in fact Chrome complains, but somehow still works and sends this cookie with the request. (This workaround doesnt work on Safari or DuckDuckGo however)

Could this be a nuxt bug?

[gbruins-notours]

UPDATE: I changed the session name from "bv_session" to "bvsession" and also changed the Domain value to it's proper value of breadvan.net, and this seems to have fixed the problem on Chrome and FF. Safari is not sending the cookie with the request though, as if it's in incognito mode or something.

[gbruins-notours]

UPDATE: Had to change Safari preferences to get it to work: Make sure you test Safari Preferences → Privacy → Website tracking: prevent cross-site tracking. I had to turn this off