I know the subject is discussed a thousand times, but I’ve tried every solution and still nothing.
React Axios:
async login(email: string, password: string) {
return await axios.post("http://localhost:3001/login", {
email: email,
password: password
}, {
withCredentials: true, headers: {
"Content-type": "application/json"
}
}).then(response => {
return response
}).catch(error => {
return error.response
})
}
Backend
app.use(cors({
exposedHeaders: "Authorization",
credentials: true,
origin: "http://localhost:3000"
}))
res.cookie('sessionUser', token, {
maxAge: 7200,
httpOnly: true,
secure: true,
sameSite: "none"
})
>Solution :
You have httpOnly set in your cookie. HTTP only cookies are only sent on a request made by the browser to the same origin as the page – they aren’t accessible via Javascript. So in this case your cookie is being sent to the server (this is what withCredentials: true does if I recall) but you won’t be able to access it from the JS.
What details do you need from the cookie? It’s generally recommended to store sensitive cookies as HTTPOnly – if you just need to pass non secure data back from the cookie then you could return it from your login endpoint as JSON maybe? If you are returning a token or something sensitive instead that you will need for future requests then I would keep that in your HttpOnly cookie as long as all the requests will be to the same domain.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies