Having trouble getting session cookie to store (lucia-auth, hono, cloudflare pages/worker)

My worker is hosted at api.domain.com and my frontend is using domain.com. When I post to api.domain.com/users from domain.com, the response header shows the session cookie. It then redirects to domain.com/email-verification, but the cookie is not stored in the browser. What am I doing wrong? Any assistance is greatly appreciated.

Code (I removed some stuff to save space): https://pastebin.com/70cy8PzV
3 Replies
TechParadox (OP), 4mo ago
Response:

Request URL: https://api.instructor-ai.com/users
Request Method: POST
Status Code: 201 Created
Remote Address: 104.21.42.89:443
Referrer Policy: strict-origin-when-cross-origin

access-control-allow-origin: https://instructor-ai.com
alt-svc: h3=":443"; ma=86400
cf-ray: 8b15bd939978236a-EWR
content-length: 124
content-type: application/json; charset=UTF-8
date: Sun, 11 Aug 2024 05:14:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he4L8jEVsb3Vf5PmVcS7RZah0TzzJUqAIz9H%2B%2F9ZfkiE9kEqafKclldHOS%2BnrA%2F5tjJ%2Bffy2MBCXfEMr%2FtcAxyPpS9GmwY06OBQpLZMz1g0jy5zdTy0y1z26ROaHpZkd83lVpGSYYG8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
set-cookie: auth_session=iexwez2e2idzc726kqnqob5tb5hrbndycaj74uce; Domain=instructor-ai.com; HttpOnly; Max-Age=2592000; Path=/; SameSite=Strict; Secure
TechParadox (OP), 4mo ago
Cookies
TechParadox (OP), 4mo ago
Finally figured it out! In your fetch request, even if it's a POST, you must set credentials: "include", and in your CORS set credentials / Access-Control-Expose-Headers to true.
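
The behaviour behind this thread, modelled as an added example that is not part of the original posts: for a cross-origin `fetch()`, the browser honours `Set-Cookie` only when the request uses `credentials: "include"`, and it only lets script read a credentialed response that carries `Access-Control-Allow-Credentials: true` plus an exact `Access-Control-Allow-Origin`. `diagnose()` and its argument names are hypothetical, the cookie value is a placeholder, and SameSite is not modelled because both hosts here are same-site.

```javascript
// Added example: models the browser-side checks for a cross-origin fetch().
// diagnose() and its argument names are hypothetical, not a browser or Hono API.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const a of attrs) {
    const [k, v = true] = a.split("=");
    cookie.attrs[k.toLowerCase()] = v; // flag attributes (HttpOnly, Secure) become true
  }
  return cookie;
}

function diagnose({ pageOrigin, apiUrl, credentials = "same-origin", headers }) {
  const api = new URL(apiUrl);
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const problems = [];
  if (api.origin !== pageOrigin) { // cross-origin: credential rules apply
    if (credentials !== "include") {
      problems.push("fetch credentials is not 'include': Set-Cookie is ignored");
    } else {
      if (h["access-control-allow-credentials"] !== "true")
        problems.push("missing Access-Control-Allow-Credentials: true");
      if (h["access-control-allow-origin"] !== pageOrigin)
        problems.push("Access-Control-Allow-Origin must equal the page origin");
    }
  }
  if (h["set-cookie"]) {
    const { attrs } = parseSetCookie(h["set-cookie"]);
    const domain = String(attrs.domain || api.hostname).replace(/^\./, "");
    if (api.hostname !== domain && !api.hostname.endsWith("." + domain))
      problems.push("cookie Domain does not cover the API host");
    if (attrs.secure && api.protocol !== "https:")
      problems.push("Secure cookie sent over a non-HTTPS connection");
  }
  return problems;
}

// Constructed sample shaped like the response in this thread (placeholder value).
const response = {
  "access-control-allow-origin": "https://instructor-ai.com",
  "set-cookie": "auth_session=PLACEHOLDER; Domain=instructor-ai.com; HttpOnly; " +
    "Max-Age=2592000; Path=/; SameSite=Strict; Secure",
};
const base = { pageOrigin: "https://instructor-ai.com",
  apiUrl: "https://api.instructor-ai.com/users", headers: response };
console.log(diagnose(base)); // default credentials mode
console.log(diagnose({ ...base, credentials: "include" })); // CORS header missing
console.log(diagnose({ ...base, credentials: "include",
  headers: { ...response, "access-control-allow-credentials": "true" } }));
```

In Hono, the `cors` middleware from `hono/cors` emits the credentials header when configured with `credentials: true` and a specific `origin`.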