raulrene / react-express-passport-boilerplate

Boilerplate with React Hooks, Express, Passport, Mongoose and role-based routing (based on react-scripts)

Home Page: https://react-express-mongoose-demo.herokuapp.com/

Question about the cookie

cty945 opened this issue

commented

This is actually not an issue but a question instead.

May I ask how/when the cookie got saved into the browser? I was looking for a line such as cookies.set() on the client side but could not find it, and the cookie was indeed set correctly somehow.

@cty945 so first of all, in cookie-based authentication the cookie should be set by the server side, not by the client side, since it's more secure and you can set an HTTP-only cookie that is not available for the client side to edit. So the server sets the cookie on the response, and if you send cookies on HTTP responses the client automatically stores them.

Secondly, regarding your question, if you check the code you can find a comment in routes/api.js:

    // When using passport with callback, we have to manually call req.login to set the Cookie
    req.login(user, async () => {

So what's happening is that passport has a built-in cookie.set method that's being called on req.login.

commented

Thanks for the response! Yes, I understand that the cookie has been set by the server. But the problem I encountered is actually on the client side. "The client automatically stores them" is not happening on my end when I try to reproduce it. Yes, I did check the response in the Network tab, and the cookies are there, but the client is not automatically storing them for some reason, so that when the code checks whether the user has logged in it returns false.

Hello again.
Are you saying that it's not working in the context of this project, or in general?

In regard to this project, I just checked: I ran a local setup called "Bla" (node ./setup.js Bla), tested the login in the browser, and the cookie is stored fine. See a screenshot here: https://i.imgur.com/Se2PwiS.png

Things for you to check

  • make sure you ran setup.js and have both the server and the client up and running (the server must be connected to a MongoDB instance)
  • log in via the default credentials from _insertDefaultUsers or with the ones you set, if you changed them
  • make sure you're not using incognito, although it shouldn't have anything to do with it. Nor should ad blockers, as I'm using ad blockers and it's working fine

If it's related to some other project, I'm not sure I can help you much.
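
For the general case raised in the thread (a Set-Cookie header visible in the Network tab but no cookie in the browser), here is an added example that is not part of the thread or of this repository's code. It models four browser rules: the fetch credentials mode on cross-origin requests, Secure over plain http, SameSite=None without Secure, and a mismatched Domain. It also reports that an HttpOnly cookie is stored yet hidden from document.cookie. The function names, the ctx fields, the ports and the cookie value are assumptions constructed for illustration.

```javascript
// Added example (constructed; not code from this repository).
// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// ctx fields are hypothetical: pageOrigin / apiOrigin are URL strings,
// credentials is the fetch() credentials mode used for the login request.
function diagnoseCookie(header, ctx) {
  const { attrs } = parseSetCookie(header);
  const page = new URL(ctx.pageOrigin);
  const api = new URL(ctx.apiOrigin);
  const problems = [];
  // Assumption: http://localhost counts as secure, as in current Chrome and Firefox.
  const secureContext = api.protocol === 'https:' || api.hostname === 'localhost';
  const sameSite = String(attrs.samesite || 'lax').toLowerCase();

  // A different port is already a different origin (dev server vs. API server).
  if (page.origin !== api.origin && ctx.credentials !== 'include')
    problems.push('cross-origin fetch without credentials: "include" ignores Set-Cookie');
  if (attrs.secure && !secureContext)
    problems.push('Secure cookie received over plain http is rejected');
  if (sameSite === 'none' && !attrs.secure)
    problems.push('SameSite=None requires the Secure attribute');
  if (typeof attrs.domain === 'string') {
    const d = attrs.domain.replace(/^\./, '').toLowerCase();
    if (api.hostname !== d && !api.hostname.endsWith('.' + d))
      problems.push('Domain attribute does not match the responding host');
  }
  const stored = problems.length === 0;
  // HttpOnly cookies are stored and sent, but never appear in document.cookie.
  return { stored, visibleToScript: stored && !attrs.httponly, problems };
}

// Constructed sample: page on :3000 calling an API on :5000 with fetch defaults.
const sample = diagnoseCookie('sid=abc123; Path=/; HttpOnly', {
  pageOrigin: 'http://localhost:3000',
  apiOrigin: 'http://localhost:5000',
  credentials: 'same-origin',
});
console.log(sample.stored, sample.problems);
```

A result with stored true and visibleToScript false means the login state has to be checked by asking the server, since client code that reads document.cookie will not see the session cookie.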