2 replies

Session/Cookies not being set in production

Hello all, I am facing an issue where Session/Cookies are being set while testing locally, but not in production. Both frontend and backend urls are on render. Below are my auth configs:

Backend server (Express):

 const crossSubDomainCookiesConfig = process.env.NODE_ENV === 'production' ? {
  enabled: true,
  domain: process.env.API_SERVER_URL!,
} : undefined

const prisma = new PrismaClient();

export const auth = betterAuth({
  database: prismaAdapter(prisma, {
    provider: "postgresql",
  }),
  emailAndPassword: {
    enabled: true,
  },
  trustedOrigins: [
    process.env.CLIENT_URL!
  ],
  plugins: [
    customSession(async ({ user, session }) => {
      const adminEmails =
        process.env.ADMIN_EMAILS?.split(",").map((email) => email.trim()) || [];
      const isAdmin = adminEmails.includes(user.email);
      return {
        user: {
          ...user,
          role: isAdmin ? "ADMIN" : "USER",
        },
        ...session,
      };
    }),
  ],
  session: {
    expiresIn: 60 * 60 * 24 * 7,
    updateAge: 60 * 60 * 24, 
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60,
    },
  },
  advanced: {
    crossSubDomainCookies: crossSubDomainCookiesConfig,
    useSecureCookies: process.env.NODE_ENV === 'production',
    defaultCookieAttributes: {
      sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
    },
  cookie: {
      sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
      secure: true,
      domain: process.env.NODE_ENV === 'production' ? process.env.SERVER_URL : undefined,
      path: '/',
    }
  }
});

 const crossSubDomainCookiesConfig = process.env.NODE_ENV === 'production' ? {
  enabled: true,
  domain: process.env.API_SERVER_URL!,
} : undefined

const prisma = new PrismaClient();

export const auth = betterAuth({
  database: prismaAdapter(prisma, {
    provider: "postgresql",
  }),
  emailAndPassword: {
    enabled: true,
  },
  trustedOrigins: [
    process.env.CLIENT_URL!
  ],
  plugins: [
    customSession(async ({ user, session }) => {
      const adminEmails =
        process.env.ADMIN_EMAILS?.split(",").map((email) => email.trim()) || [];
      const isAdmin = adminEmails.includes(user.email);
      return {
        user: {
          ...user,
          role: isAdmin ? "ADMIN" : "USER",
        },
        ...session,
      };
    }),
  ],
  session: {
    expiresIn: 60 * 60 * 24 * 7,
    updateAge: 60 * 60 * 24, 
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60,
    },
  },
  advanced: {
    crossSubDomainCookies: crossSubDomainCookiesConfig,
    useSecureCookies: process.env.NODE_ENV === 'production',
    defaultCookieAttributes: {
      sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
    },
  cookie: {
      sameSite: process.env.NODE_ENV === 'production' ? 'none': 'lax',
      secure: true,
      domain: process.env.NODE_ENV === 'production' ? process.env.SERVER_URL : undefined,
      path: '/',
    }
  }
});

(frontend auth config provided in the first reply)

I had added the "advanced" configurations after referring to a couple of GitHub threads discussing similar issues.

Session/Cookies not being set in production

Session/Cookies not being set in production

Similar Threads

Similar Threads

Similar Threads