api/auth/get-session returns null in prod but works locally
hi, my backend is made with express/node.js and my frontend with nextjs but the get-session api returns null in production whereas everything works perfectly locally.
27 Replies
when I go to the url localhost:8080/api/auth/get-session it sends me back 
but when I'm in production it gives me a blank page. Of course with the https link instead of localhost

Do your server logs say anything?

no it says everything is ok
Odd
I have something similar but I think that might just be a CORS issue
Your requests look like they come in whereas mine stay stuck on pending for 5min and then they’re cancelled
what I find suspicious is that when I'm local and I go to the get-session api link, it displays the session correctly, whereas in production it returns null, and even worse, there's no error that could facilitate debugging.
I have exactly the same setup and the exact same issue. Various solutions about a month ago didn't help, see: https://discord.com/channels/1288403910284935179/1359765737140523060
I'm still having the same problem. Everything works fine on localhost. In deployment, only client-side useSession works; there's no chance of a server-side getSession, even though the cookies are logged correctly...
There's a Notion link to my code in my blog post.
ok thanks for your help, i'll try to solve it if i can i'll give you the solution
Hey
Is your API on a different domain from your website
This looks like a cross-domain cookie issue
Add this to your auth.ts
Yep, also got a similar problem and cross-domain cookies are the way. Remember to also clear cookies regularly so you will know exactly when you fixed the issue.
the NODE_ENV check is because Safari won't work on localhost if you use sameSite none secure true on dev
Thank you very much, you should have added the advanced parameter so that cookies can reach the frontend.
ah bas I got excited too early it works on ARC PC but when I switch to mobile it doesn't work the same way as safari on PC.
Try in incognito
Yes I tried with incognito and even on other mobile but still no and strangely on pc with arc it works but not with safari
here's my auth.js config on the backend
Try also adding cross-subdomain cookies.
advanced: {
  crossSubDomainCookies: {
    enabled: true
  }
}
by adding sub-domains even the pc version on arc no longer works
This is my protected page
and my auth-client.ts
show auth.ts
oh nvm i see it above
trustedOrigins
you probably need more trustedOrigins
Can't you use their provided solution for fetching the session on the client-side?
Maybe this would be the solution
you can export the useSession hook from the client auth
Then I think it's more of a server-side problem, but I'll give it a try with useSession.
Meaning?
Trusted origins is used for which domains are allowed to get cookies. I’d make sure to double check your error logs for origin issues
He means to set it in the auth config. @M_Cavus 
trustedOrigins: []
Yes, I've already configured trustedOrigins, here's what I've put
@M_Cavus I am also facing an issue of 401, but signin and signup work. I am trying to access the backend from the server but it returns 401; by server I mean the Next.js app router "use server".
I found this not working because I had not added partitioned: true in defaultCookieAttributes
Oh interesting I wonder why that is required for you, I haven't had to set that option
Neither