Cookie Comes Back As undefined
Hello. I'm using Hono and having an issue setting a cookie on one endpoint and retrieving it in the middleware of another. I was wondering if someone could advise as to why it comes back undefined. Thanks!
I am also open to alternate options for passing around auth tokens.
17 Replies
I don’t follow?
hey @Lambo!
a few small tweaks might be helpful, though they probably won't fix:
- domain: instead of pulling dynamically from Request, this should be hard-coded (e.g., in your .env variables) to a deployment
- secure: this should only be true in production, e.g., secure: process.env.NODE_ENV === 'production' (unless you're running https locally, but still)
- expires and maxAge accomplish the same goal, but maxAge is newer + more resilient. just use that, instead of both
actually, now that i think about it, secure is probably your problem
everything else seems legit
except for this bit: authRouter.get('callback',
Ignore that was from my pocket
@Lambo i assume you've verified that the cookie is set/available on the client
Hey, thanks for the response (and no worries about the pocket typing haha).
I am in bed now but I will give those amends a go tomorrow. I could not see the cookie set on the client, but assumed maybe it was because it was secure or something, but your explanation makes sense.
I’m using Workers Pages Functions locally if it’s of any reference
happy to help!
if you can't see the cookie in your browser, that's probably a red flag
http-only cookies can't be interacted w using client-side js, but they should still show up in the inspector
one thing you could try:
after you set the cookie, in the same handler/middleware, log out c.header() or whatever, and take a look at the cookie header
that will confirm whether it's being set at all, and give you a better sense of whether any values look funky
(but domain and/or secure seem to be the most likely culprits, atm)
Hey @ambergristle - still no luck, unfortunately.
1. I changed secure to c.env.WORKER_ENV === 'prod'
2. Tried setting domain to http://localhost:8788, localhost:8788 and localhost
3. Removed expires
All of these log undefined:
...and I see nothing in the browser suggesting a cookie is set either
Any other pointers you may have?
hmmm
you're doing those logs in the same handler/middleware that's supposed to set the cookie?
this isn't the actual path/endpoint, right?
authRouter.get('callback', ...)
i might try dropping sameSite to Lax
without knowing more about your setup, my next play would be to start w a vanilla cookie (just key/value, no settings) and see if that gets set
then start adding things back in until it breaks (unless it didn't get set, in which case you know your config isn't the issue)
@Lambo do you have cors set up?
Yeah. So I have GET /auth/callback which sets the cookie.
No CORS setup
I can have a play around in a few hours after work
try adding the hono cors middleware, shouldn't need to config
idk if this will help, but it seems relevant: https://stackoverflow.com/questions/78718083/response-set-cookie-not-working-but-only-on-cloudflare-pages-workers
oh, one of the reasons the first two are logging undefined is that you actually want c.req.header('cookie')
c.header is a setter only, not a getter
No different with lax or CORS or not setting any options
Oh wait, I had to remove the c.header() as that just overwrites. Getting a result now
Cool, let me start adding things back
Looks like sameSite: 'strict' was doing it. lax is fine
Thank you so much, finally unblocked!
let's gooooo
i've found the lucia auth docs really helpful (though they're still sort of WIP)
(and the Copenhagen Book it's based on)
i'm new to building auth, and they've helped contextualize all the different bits
That’s great, I’ll give it a read. Thanks for the recommendation