AWS-Deployed Backend Fails to Retrieve Cookie Tokens from Frontend

Deploying a Node.js API on AWS leads to cookie-based JWT authentication passing locally but failing (403) in production. Advanced cookie settings seem ineffective. For instance:

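// Server: sign a JWT and set it as an HttpOnly cookie on the response.
import jwtLib from 'jsonwebtoken';

const setAuthCookie = (userKey, responseObj) => {
  const tokenVal = jwtLib.sign({ userKey }, process.env.SECRET_KEY, { expiresIn: '10d' });
  // maxAge is in milliseconds: 864000000 ms = 10 days, matching the token lifetime.
  responseObj.cookie('sessionToken', tokenVal, { maxAge: 864000000, httpOnly: true, sameSite: 'lax', secure: true });
};
export default setAuthCookie;

// Client: request the profile and ask the browser to attach cookies.
async function retrieveProfile(apiUrl) {
  const res = await fetch(apiUrl, { credentials: 'include' });
  return res.json();
}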

Hey, I'm curious about your config - perhaps AWS proxies are mishandling secure cookies? I had similar issues and fiddled with the load balancer settings, but I'm not sure if that helps here. Did you try another approach? What else got you thinking in this direction?

Hey boldpainter, maybe it's a CORS and cookie domain mismatch. I fixed mine by double-checking header passthrough in my AWS LB. Sometimes the secure flag and load balancer settings mess up proper cookie propagation.

In my experience with AWS deployments, issues with retrieving cookie tokens can often be traced back to subtle misconfigurations on the server or intermediary services. I encountered a similar problem where the API was not receiving cookies properly because the domain attribute was not set according to the production environment requirements. Verifying that the API Gateway or load balancer does not truncate necessary header information was essential. It also helped to ensure that both the client and server operate under a consistent domain or subdomain structure, allowing cookies to be properly recognized and processed.
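
The domain and site consistency raised in the replies can be checked before touching the load balancer. The following is an added example, not code from any post in this thread: it predicts whether a browser attaches a cookie to a `fetch` call made with `credentials: 'include'`. The names `SUFFIXES`, `siteOf` and `cookieSent` are hypothetical, the suffix list is a constructed stand-in for the Public Suffix List, and third-party cookie blocking is not modelled.

```javascript
// Added example (not from the thread): predict whether a browser attaches a
// cookie to a fetch(..., { credentials: 'include' }) call.
// Assumption: SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
const SUFFIXES = ['com', 'net', 'co.uk'];

// "Site" = scheme + registrable domain; ports are ignored.
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const suffix = SUFFIXES.filter((s) => hostname.endsWith('.' + s))
    .sort((a, b) => b.length - a.length)[0];
  if (!suffix) return `${protocol}//${hostname}`; // e.g. localhost
  const owner = hostname.slice(0, -(suffix.length + 1)).split('.').pop();
  return `${protocol}//${owner}.${suffix}`;
}

// cookie: options as passed to res.cookie(); setByUrl: URL whose response set it.
function cookieSent({ cookie, setByUrl, pageUrl, requestUrl }) {
  const reasons = [];
  const req = new URL(requestUrl);
  const setHost = new URL(setByUrl).hostname;

  if (cookie.domain) {
    const d = cookie.domain.replace(/^\./, '').toLowerCase();
    if (req.hostname !== d && !req.hostname.endsWith('.' + d)) {
      reasons.push(`Domain=${d} does not cover ${req.hostname}`);
    }
  } else if (req.hostname !== setHost) {
    reasons.push(`host-only cookie from ${setHost} is not sent to ${req.hostname}`);
  }

  // Assumption: localhost counts as trustworthy, as in current Chrome and Firefox.
  if (cookie.secure && req.protocol !== 'https:' && req.hostname !== 'localhost') {
    reasons.push('Secure cookie is not sent over http');
  }

  // fetch() is a subresource request: only SameSite=None cookies cross sites.
  const crossSite = siteOf(pageUrl) !== siteOf(requestUrl);
  const sameSite = String(cookie.sameSite || 'lax').toLowerCase();
  if (crossSite && sameSite !== 'none') {
    reasons.push(`SameSite=${sameSite} blocks cross-site fetch`);
  }
  if (crossSite && sameSite === 'none' && !cookie.secure) {
    reasons.push('SameSite=None requires Secure');
  }
  return { sent: reasons.length === 0, reasons };
}
```

Called with the cookie options from the question, a frontend and API that are both on localhost return `sent: true`, while a frontend and API on different registrable domains return `sent: false` with the SameSite reason.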