Having trouble getting session cookie to store (lucia-auth, hono, cloudflare pages/worker)

My worker is hosted at api.domain.com and my frontend is using domain.com

When I post to api.domain.com/users from domain.com the response header shows the session cookie.

It then redirects to domain.com/email-verification, but the cookie is not stored in the browser.

What am I doing wrong? Any assistance is greatly appreciated.

Code (I removed some stuff to save space)
https://pastebin.com/70cy8PzV

Pastebin

```// IMPORTS SECTION// ---------------...// INTERFACES SECTION// -...

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

TechParadoxOP•8/11/24, 5:40 AM

Response:

Request URL:
https://api.instructor-ai.com/users
Request Method:
POST
Status Code:
201 Created
Remote Address:
104.21.42.89:443
Referrer Policy:
strict-origin-when-cross-origin
access-control-allow-origin:
https://instructor-ai.com
alt-svc:
h3=":443"; ma=86400
cf-ray:
8b15bd939978236a-EWR
content-length:
124

content-type:
application/json; charset=UTF-8
date:
Sun, 11 Aug 2024 05:14:13 GMT
nel:
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to:
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he4L8jEVsb3Vf5PmVcS7RZah0TzzJUqAIz9H%2B%2F9ZfkiE9kEqafKclldHOS%2BnrA%2F5tjJ%2Bffy2MBCXfEMr%2FtcAxyPpS9GmwY06OBQpLZMz1g0jy5zdTy0y1z26ROaHpZkd83lVpGSYYG8%3D"}],"group":"cf-nel","max_age":604800}
server:
cloudflare
set-cookie:
auth_session=iexwez2e2idzc726kqnqob5tb5hrbndycaj74uce; Domain=instructor-ai.com; HttpOnly; Max-Age=2592000; Path=/; SameSite=Strict; Secure

Request URL:
https://api.instructor-ai.com/users
Request Method:
POST
Status Code:
201 Created
Remote Address:
104.21.42.89:443
Referrer Policy:
strict-origin-when-cross-origin
access-control-allow-origin:
https://instructor-ai.com
alt-svc:
h3=":443"; ma=86400
cf-ray:
8b15bd939978236a-EWR
content-length:
124

content-type:
application/json; charset=UTF-8
date:
Sun, 11 Aug 2024 05:14:13 GMT
nel:
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to:
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he4L8jEVsb3Vf5PmVcS7RZah0TzzJUqAIz9H%2B%2F9ZfkiE9kEqafKclldHOS%2BnrA%2F5tjJ%2Bffy2MBCXfEMr%2FtcAxyPpS9GmwY06OBQpLZMz1g0jy5zdTy0y1z26ROaHpZkd83lVpGSYYG8%3D"}],"group":"cf-nel","max_age":604800}
server:
cloudflare
set-cookie:
auth_session=iexwez2e2idzc726kqnqob5tb5hrbndycaj74uce; Domain=instructor-ai.com; HttpOnly; Max-Age=2592000; Path=/; SameSite=Strict; Secure

TechParadoxOP•8/11/24, 5:41 AM

TechParadoxOP•8/11/24, 7:05 AM

Finally figured it out! In your fetch request, even if its a POST, you must set credentials: "include", credentials: "include", and in your cors set credentials / Access-Control-Expose-Headers to true.

Request URL: https://api.instructor-ai.com/users Request Method: POST Status Code: 201 Created Remote Address: 104.21.42.89:443 Referrer Policy: strict-origin-when-cross-origin access-control-allow-origin: https://instructor-ai.com alt-svc: h3=":443"; ma=86400 cf-ray: 8b15bd939978236a-EWR content-length: 124 content-type: application/json; charset=UTF-8 date: Sun, 11 Aug 2024 05:14:13 GMT nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he4L8jEVsb3Vf5PmVcS7RZah0TzzJUqAIz9H%2B%2F9ZfkiE9kEqafKclldHOS%2BnrA%2F5tjJ%2Bffy2MBCXfEMr%2FtcAxyPpS9GmwY06OBQpLZMz1g0jy5zdTy0y1z26ROaHpZkd83lVpGSYYG8%3D"}],"group":"cf-nel","max_age":604800} server: cloudflare set-cookie: auth_session=iexwez2e2idzc726kqnqob5tb5hrbndycaj74uce; Domain=instructor-ai.com; HttpOnly; Max-Age=2592000; Path=/; SameSite=Strict; Secure

Having trouble getting session cookie to store (lucia-auth, hono, cloudflare pages/worker)

Similar Threads

Similar Threads

Similar Threads