Comments (6)
@HoneyMeat express is using `cookie` version 0.5.0 internally, which discards the `partitioned` option. You can manually build your cookie and set your response header. For that you have to use `cookie` 0.6.0 as a dependency:

```js
import { serialize } from 'cookie';

// Build the Set-Cookie value directly with cookie 0.6.0, which supports `partitioned`.
const cookie = serialize('myCookieName', 'mySessionId', {
  httpOnly: true,
  sameSite: 'none',
  secure: true,
  partitioned: true,
  path: '/',
});

// Inside a route handler: send the hand-built header.
return res.setHeader('Set-Cookie', cookie).status(200).send();
```
from session.
Same problem over here. Updated express package to 4.19.0 and express-session to 1.18.0, both have 0.6.0 version of the cookie package. The cookie is being set with no partition applied.

```js
app.use(session({
  resave: false,
  saveUninitialized: false,
  secret: mySecret,
  cookie: {
    domain: myDomain,
    path: '/',
    sameSite: !_.isNil(sameSite) ? sameSite : 'lax',
    secure: !!(!_.isNil(secure) && secure.toLowerCase() === 'true'),
    partitioned: true, // <-- HERE is where the attribute has to be set according to Express Session docs
  },
  store: storeObject,
}));
```
Any tips on this??
from session.
@JoseAlbertoVazq if you check with developer tools, what do you see on your response headers, the response which sets the cookie?
If it is malformed, the browser might silently discard it.
from session.
@JoseAlbertoVazq If you are checking the dev tools on a different domain than which the cookie is set, your cookie `connect.sid` is expected to not show up. Are you sure you are checking it from the domain it is set? `Partition` option makes the cookie work only from the domain it is set.
from session.
> @JoseAlbertoVazq If you are checking the dev tools on a different domain than which the cookie is set, your cookie `connect.sid` is expected to not show up. Are you sure you are checking it from the domain it is set? `Partition` option makes the cookie work only from the domain it is set.

The cookie is always shown but when I set the Partitioned attribute, and it always was like that, I'm running it on the same domain (on local, and on staging, but those are two different tests local --> local and staging --> staging)
from session.
Okay so I found the solution for my case. I am also using `cookie-parser` and its last release is from three years ago, so the `cookie` lib in its package.json was the `0.4.1` version.

Make sure to add this to your package.json

npm:

```json
"overrides": {
  "cookie": "0.6.0",
  "cookie-signature": "1.2.1"
}
```

yarn:

```json
"resolutions": {
  "**/cookie": "0.6.0",
  "**/cookie-signature": "1.2.1"
}
```

Also, ensure that the `secure` attribute in the `CookieOptions` object is set to `true` and is not being overridden by anything else in any other place in your code.
Now it's working for me !!
from session.
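The response-header check suggested in this thread, as an added example (not code from the thread or from express-session): it parses a `Set-Cookie` value and reports when `Partitioned` was dropped by an older serializer or set without `Secure`. The function names and the sample header values are assumptions constructed for illustration.

```javascript
// Added example: audit one Set-Cookie header value for the attributes a
// partitioned session cookie needs. All sample headers are constructed.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function auditPartitionedCookie(header, expectedName) {
  const { name, attrs } = parseSetCookie(header);
  const problems = [];
  if (name !== expectedName) problems.push(`unexpected cookie name: ${name}`);
  // An outdated `cookie` dependency drops the option without any error.
  if (!attrs.partitioned) problems.push('Partitioned missing');
  // Browsers reject a Partitioned cookie that is not also Secure.
  if (attrs.partitioned && !attrs.secure) problems.push('Partitioned without Secure');
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite === 'none' && !attrs.secure) problems.push('SameSite=None without Secure');
  if (!attrs.httponly) problems.push('HttpOnly missing');
  return problems;
}

// Constructed sample headers, as they would appear in the dev tools response view.
const SAMPLES = {
  ok: 'connect.sid=s%3Aabc.def; Path=/; HttpOnly; Secure; SameSite=None; Partitioned',
  dropped: 'connect.sid=s%3Aabc.def; Path=/; HttpOnly; Secure; SameSite=None',
  insecure: 'connect.sid=s%3Aabc.def; Path=/; HttpOnly; SameSite=None; Partitioned',
};

for (const [label, header] of Object.entries(SAMPLES)) {
  const problems = auditPartitionedCookie(header, 'connect.sid');
  console.log(label, problems.length ? problems.join('; ') : 'no problems');
}
```

Running it against the header your own server returns, before and after pinning `cookie` to 0.6.0, shows whether the override actually took effect.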