Cookie not being set/created?
Hi, I am following a youtube tutorial https://www.youtube.com/watch?v=Av9C7xlV0fA and when I login there is no cookie value being generated.I checked my code multiple times and I see no difference.
here is the code in raw format https://raw.githubusercontent.com/AslanHalil/jira-clone/refs/heads/main/jira-clone/src/features/auth/server/route.ts
thanks.
Code With Antonio
YouTube
Build a Jira Clone With Nextjs, React, Tailwind, Hono.js | Part 1/2...
⭐ Source code & more: https://dub.sh/twpYBjw
🔥 Get $50 in Appwrite credits: https://apwr.dev/antonio50
🎬 PART 2: https://youtu.be/37v63U7-iG0?si=ZkY7-7vtInUMdlrk
Hi all 👋 In this 16-hour tutorial split in two parts (my longest ever btw!) you will learn how to create an end-to-end fullstack Jira clone, all with workspaces, project / epics, tasks...
21 Replies
hey @Yung_Misanthrope! could you share more about what's working and what isn't?
it's helpful if you explain what you expect to happen, and what's actually happening, along with code examples
Hi, thanks for trying to help, basically when I try to set cookie using the hono library, the cookie value would be empty when looking into the browser.
I managed to fix it by making the appwrite API key public in the env.local file but i’m not sure that is the best way to proceed.
a couple questions:
- when you say the cookie value is empty, did the key exist with no value?
- you mean you updated
APPWRITE_KEY to NEXT_PUBLIC_APPWRITE_KEY, and that fixed the issue?
the NEXT_PUBLIC prefix makes env variables available on the client, so you definitely don't want to do that with any secrets
it doesn't look like its exposed to any code that would get served to the client, but idk enough about next bundling to say for sure
have you confirmed that you were spelling APPWRITE_KEY correctly? env variable typeos have gotten me more than once
i would also expect createAdminClient to fail if the key wasn't getting read in thoughYes, I did exactly that and it was fixed.
yeah, it was spelled correctly.
So you know when you inspect in google chrome, you go to the application tab, and on your left you have cookies, and it shows you, a row with Name, Values, Domain etc..
In the Value column, it is empty.
from what you're saying, it sounds like the cookie key
aslan-jira-clone-session is visible in the browser inspector storage tab, but there's no value
this is kind of ambiguous. it could mean that the cookie is being set on the response without a value, or that the cookie was set at one point, but subsequent requests are not
when you make requests to the /login endpoint, do they succeed? what's the response status?
if the requests are failing, the error is a good place to startso I do manage to login but when I try to visit a page that is only accesible to logged in users I am redirect to the login page.
I get an unauthorized error, which is 401 if I recall
I tried chatgpt but didn't get any good answers except console logging.
i see. i'm happy to help, but a few words of advice: both when you're debugging on your own, but especially when you're asking for feedback, it's important to be detailed and precise
status codes, error messages, and other specifics that help show what works + what doesn't are key
otherwise you're essentially asking folks to learn (or download and run) your whole project, rather than deal with a specific issue, which 1) can make others reluctant to get involved, and 2) makes debugging more difficult regardless
i get that it's not always clear what info to share or what questions to ask
but one of the most important skills you can develop is figuring that out
that being said, in your shoes my next step would be to try setting an arbitrary cookie. just hard-code some random key + value for the cookie (and comment-out the auth cookie), and see if it gets added
are your front-end and back-end hosted on the same domain? that could potentially break a same-site cookie implementation
tbh, it's also worth drilling into what switching to
NEXT_PUBLIC did. when debugging, any lever that changes the outcome is worth investigating.I’m using nextjs so both. I’m using localhost at the moment.
I will try your first solution though.
it really seems strange that this did it
So I did the following. I used the suggested values when setting cookie while also letting the api key be public.
The session secret was created but despite being logged in I would be redirected to the login page.
I then renamed the api key variable to NEXT_APPWRITE_KEY, the session secret was created but would still be redirected.
Eventually I narrowed the issue being related to the “secret” property when a session is created. The session.secret would be empty when the api key isn’t visible.
So the question that needs to be answered is how to pass the api key to the session without making it public.
great work honing in on the problem and explaining your steps!
you could be a little more specific (e.g., "values suggested by appwrite" instead of "suggested values"), but you covered all the key points
i do have one question
you say that at first:
The session secret was created but despite being logged in I would be redirected to the login page.but then that:
The session.secret would be empty when the api key isn’t visible (NEXT_PUBLIC)You are right, I made a mistake, so the session, which is represented as an object had a property “secret”, session.secret is used when creating the cookie but session.secret would be empty when api key isn’t public.
gotcha. that's what i figured, but i wanted to double check
so it seems like some server code is getting called client side
this is a long shot, but could you try updating this import in your rpc file:
import type { AppType } from "@/app/api/[[...route]]/route";
if you're only using an import as a type, specifying that is best practice. it can help reduce bundle size and keep code separate. in practice, it depends on your bundler config, which i don't have much experience with
i cloned your repo and tried running the project. theres an unhandled CSE when i try to sign up
Error: async/await is not yet supported in Client Components, only Server Components. This error is often caused by accidentally adding 'use client' to a module that was originally written for the server.I’m not home unfortunately, it’s odd you’re getting this issue since I haven’t gotten this error.
all good
there are a few issues i'm seeing as i'm playing around here. the biggest is probably your
useMutation onError handlers
you never really know what might fail, so you should always log errors
you can customize the query client to log all errors by default, so you don't have to do it for each query/mutation:
https://tkdodo.eu/blog/react-query-error-handling#putting-it-all-together
sorry, ignore that last bit. i was missing the app url env variable
i've successfully registered + signed-in a user, redirecting to the workspace, without using NEXT_PUBLIC for the secretNice, how was it supposed to be done?
i only changed the
SignUpCard component
you had use client at the top, but it was an async component calling a server-only function
after updating it to be client-compliant, i ran through the signup/login flow w/o a problemI see, thanks a lot for your help. How did you debug it?
Didn’t seem so intuitive.
i set up the project, including the env keys (the way i expected them to work)
immediately the /sign-up page was failing to load because of the CSE
i was already looking for bleeds between client + server code, but i had to fix the CSE regardless by switching in the query hook
idk. i didn't do anything special. i think the big thing was adding in the error logs in the mutation hooks
you're headed in the right direction with the debugging logs, but you should be logging every error
does that answer your q? idk, i'm not totally sure what was going on w your api key. but there were definitely errors happening that you weren't being notified about
I understand. Thanks a lot for your help.
no problem!