lipp / login-with

Stateless login-with microservice for OAuth

Home Page: https://login-with.com


Not seeing cookies

jamesmbowler opened this issue · comments

Great work!

I tried this out on my local, and I don't see any cookies saved. I just see "{}" when I visit the "auth" endpoint. Everything seems to work, as I get redirected to GitHub's OAuth page, and then back. Then, I tried it on your site, https://login-with.now.sh/login, and I see the same thing. Everything appears to work, and your app is in my GitHub authorized Apps (https://github.com/settings/applications), along with my app. I did a console.log(user) under

    onAuthenticationCallback: (req, res, next) => {
      const type = req.path.split('/')[1]
      passport.authenticate(type, (error, user) => {

and the user is there, in the format that is set up in github.js.

I tried a try/catch around the res.cookie section, and there were no exceptions.

Any ideas?

Hi! Thanks for your feedback!

Chrome 56, which was released just a few days ago, seems to have introduced a bug 😱 which prevents setting cookies from subdomains (created an issue). Firefox, Safari and Chrome 54 and 55 are working just fine with the website (login-with.now.sh).

However, I am not sure if you are trying to run on your local machine ("localhost"). This does not work and probably will never work, since the security details and URLs invoked are just SOOO different (header, options, protocols, locations).

This has been confirmed to be a bug appearing in Chrome 56 (Linux and Mac) and later. Keeping this open for now, even if this is not a bug with this project.

I finally set this up on a domain, and it works. It also works on Chrome. The cookies are set properly. (Although, I don't see the "welcome" message, but I think that's another thing.)

I went and checked https://login-with.now.sh/ again, but I still don't see the cookies there. I don't know why it works on mine and not on yours...

That is strange 🤔. Thanks for sharing this information.

Happy that this project is working for you! Thanks for using it 💐

Is your project hosted with now? Could you share a link?
Maybe there is an important difference (e.g. headers) with regard to the Chrome bug which helps track down the problem.

Oh, and I'm not hosting with now. Just using express, apache, on Ubuntu.

You need https as required by "secure-only" cookies.

BTW: now.sh cannot share wildcard cookies:
https://chromium.googlesource.com/chromium/src/+/d81b12d08c29a8a6d8d9434d4d1d2d0c14230d53%5E%21/
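
An added example, not part of the thread and not login-with's own code: a small checker for the two causes named in the last comments, a "secure-only" cookie sent over plain http and a wildcard Domain that is a public suffix. It assumes now.sh is treated as a public suffix and follows the general cookie storage rules of RFC 6265 and its draft successor; the cookie name, the example.com host and the PUBLIC_SUFFIXES subset are constructed for illustration.

```javascript
// Constructed subset for illustration; browsers consult the full Public Suffix List.
// Treating now.sh as a public suffix is this example's assumption.
const PUBLIC_SUFFIXES = new Set(['com', 'sh', 'now.sh']);

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 domain-match: identical, or host is a subdomain of the cookie domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Return the reasons a browser would ignore this Set-Cookie (empty array = stored).
function whyRejected(responseUrl, setCookieHeader) {
  const url = new URL(responseUrl);
  const { attrs } = parseSetCookie(setCookieHeader);
  const reasons = [];
  if (attrs.secure && url.protocol !== 'https:') {
    reasons.push('Secure cookie set by a non-https response');
  }
  if (typeof attrs.domain === 'string') {
    const domain = attrs.domain.replace(/^\./, '').toLowerCase();
    if (!domainMatches(url.hostname, domain)) {
      reasons.push(`Domain=${domain} does not match host ${url.hostname}`);
    } else if (PUBLIC_SUFFIXES.has(domain) && domain !== url.hostname) {
      reasons.push(`Domain=${domain} is a public suffix, so the cookie cannot be shared across it`);
    }
  }
  return reasons;
}

// Constructed sample responses: plain-http localhost, wildcard on now.sh, own domain over https.
console.log(whyRejected('http://localhost:3000/login', 'session=abc; Path=/; Secure; HttpOnly'));
console.log(whyRejected('https://login-with.now.sh/login', 'session=abc; Domain=.now.sh; Secure'));
console.log(whyRejected('https://login.example.com/login', 'session=abc; Domain=.example.com; Secure'));
```
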