Session/Cookies not being set in production
Hello all, I am facing an issue where Session/Cookies are being set while testing locally, but not in production. Both frontend and backend urls are on render. Below are my auth configs:
Backend server (Express):
(frontend auth config provided in the first reply)
I had added the "advanced" configurations after referring to a couple of GitHub threads discussing similar issues.
Backend server (Express):
const crossSubDomainCookiesConfig = process.env.NODE_ENV === 'production' ? {
enabled: true,
domain: process.env.API_SERVER_URL!,
} : undefined
const prisma = new PrismaClient();
export const auth = betterAuth({
database: prismaAdapter(prisma, {
provider: "postgresql",
}),
emailAndPassword: {
enabled: true,
},
trustedOrigins: [
process.env.CLIENT_URL!
],
plugins: [
customSession(async ({ user, session }) => {
const adminEmails =
process.env.ADMIN_EMAILS?.split(",").map((email) => email.trim()) || [];
const isAdmin = adminEmails.includes(user.email);
return {
user: {
...user,
role: isAdmin ? "ADMIN" : "USER",
},
...session,
};
}),
],
session: {
expiresIn: 60 * 60 * 24 * 7,
updateAge: 60 * 60 * 24,
cookieCache: {
enabled: true,
maxAge: 5 * 60,
},
},
advanced: {
crossSubDomainCookies: crossSubDomainCookiesConfig,
useSecureCookies: process.env.NODE_ENV === 'production',
defaultCookieAttributes: {
sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
},
cookie: {
sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
secure: true,
domain: process.env.NODE_ENV === 'production' ? process.env.SERVER_URL : undefined,
path: '/',
}
}
}); const crossSubDomainCookiesConfig = process.env.NODE_ENV === 'production' ? {
enabled: true,
domain: process.env.API_SERVER_URL!,
} : undefined
const prisma = new PrismaClient();
export const auth = betterAuth({
database: prismaAdapter(prisma, {
provider: "postgresql",
}),
emailAndPassword: {
enabled: true,
},
trustedOrigins: [
process.env.CLIENT_URL!
],
plugins: [
customSession(async ({ user, session }) => {
const adminEmails =
process.env.ADMIN_EMAILS?.split(",").map((email) => email.trim()) || [];
const isAdmin = adminEmails.includes(user.email);
return {
user: {
...user,
role: isAdmin ? "ADMIN" : "USER",
},
...session,
};
}),
],
session: {
expiresIn: 60 * 60 * 24 * 7,
updateAge: 60 * 60 * 24,
cookieCache: {
enabled: true,
maxAge: 5 * 60,
},
},
advanced: {
crossSubDomainCookies: crossSubDomainCookiesConfig,
useSecureCookies: process.env.NODE_ENV === 'production',
defaultCookieAttributes: {
sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
},
cookie: {
sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
secure: true,
domain: process.env.NODE_ENV === 'production' ? process.env.SERVER_URL : undefined,
path: '/',
}
}
}); (frontend auth config provided in the first reply)
I had added the "advanced" configurations after referring to a couple of GitHub threads discussing similar issues.
