TanStackT
TanStack10mo ago
6 replies
then-purple

Setting cookies when you have a separate server that manages auth

I have a separate golang server and I am using tanstack-start. I have a verify otp route that sets a session cookie. I am calling this endpoint from a server function. Now in an ideal world, the cookie on my browser would automatically be set, but it does not get set. Does this have anything to do with server functions not having a stable public url? Server runs on localhost:8080, client runs on localhost:3000.

export const serverVerifyOtp = createServerFn({ method: "POST" })
  .validator((data: unknown): typeof VerifyOtpInput.infer => {
    return VerifyOtpInput.assert(data)
  })
  .handler(async ({ data }) => {
    const res = ofetch<string>("http://localhost:8080/v1/auth/verify-otp", {
      credentials: "include",
      method: "POST",
      body: {
        email: data.email,
        token: data.token,
        otp: data.otp,
        identifier: "email_verification"
      }
    })
      .catch(error => {
        throw error.data as typeof validateOtpErr.infer
      })
    return res
  })

This works perfectly well when I call these functions using tanstack-query, but the moment i chuck it inside 
createServerFn
, browser does not automatically set the cookies when I get a response from my server. I am pretty certain there's something I might be missing.
Was this page helpful?