Hey everyone, I’m having trouble with my web app. The backend (NestJS, Redis, Postgres) and frontend (NextJS) run on different subdomains, and authentication relies on Redis sessions with cookies. When testing locally, everything works fine, but once deployed, the frontend isn’t receiving the auth cookie from the backend. The response header is missing Set-Cookie. I’ve configured CORS and session management on the backend, and nginx is set up to forward cookies and headers. However, the issue persists. Here’s a revised example of my backend setup:
    app.use(session({
      cookie: {
        domain: '.mysite.com',
        secure: true,
        sameSite: 'none'
      },
      store: new RedisStore()
    }));
    app.enableCors({
      credentials: true,
      origin: 'https://front.mysite.com'
    });
Any thoughts on what might be causing this? Could nginx be affecting the cookie transmission in the deployed environment?
I encountered a similar issue in a production environment. One often-overlooked aspect is the cookie’s ‘HttpOnly’ flag. Ensure it’s set to false if your frontend JavaScript needs to access the cookie. Additionally, verify that your backend is actually setting the cookie in the response. You can use tools like Postman to test the API directly and confirm the Set-Cookie header is present. If it’s there in Postman but not in your browser, it could point to a CORS or browser security setting issue. Lastly, double-check your SSL configuration. Some browsers won’t accept cookies over insecure connections, even if marked as secure.
Hey, I've had similar issues. Check your nginx conf - it might be stripping cookies. Also, make sure your backend domain matches the cookie domain exactly. Sometimes browsers are picky about that. If all else fails, try debugging with browser dev tools to see what's going on with the cookies during requests.
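
An added example, not written by any poster in this thread: a simplified model of the checks a session cookie has to pass in the setup described above, covering the proxy, cookie-domain, CORS and client points raised in the question and replies. The server-side check reflects express-session's documented behaviour of not sending a `secure` cookie when the request is not seen as HTTPS; the function names, the backend host `api.mysite.com` and the sample deployment are assumptions.

```javascript
// Added example: a simplified model of the checks a cross-subdomain session
// cookie must pass. Names and sample values are constructed for illustration.

// Server side: express-session only emits a Secure cookie when the request is
// seen as HTTPS (direct TLS, or X-Forwarded-Proto from a trusted proxy).
function requestLooksSecure({ socketEncrypted, trustProxy, headers }) {
  if (socketEncrypted) return true;
  if (!trustProxy) return false; // forwarded headers are ignored
  const proto = (headers['x-forwarded-proto'] || '').split(',')[0];
  return proto.trim().toLowerCase() === 'https';
}

// Browser side: the Domain attribute must cover the host that set the cookie.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

function diagnose({ request, cookie, cors, backendHost, frontendOrigin, fetchCredentials }) {
  const findings = [];
  if (cookie.secure && !requestLooksSecure(request))
    findings.push('server: request not seen as HTTPS, Secure cookie is not sent');
  if (String(cookie.sameSite).toLowerCase() === 'none' && !cookie.secure)
    findings.push('browser: SameSite=None without Secure is rejected');
  if (cookie.domain && !domainMatches(backendHost, cookie.domain))
    findings.push('browser: Domain does not cover the backend host');
  if (!cors.credentials || cors.origin !== frontendOrigin)
    findings.push('browser: CORS must allow credentials for the exact origin');
  if (fetchCredentials !== 'include')
    findings.push('client: cross-origin request needs credentials: "include"');
  return findings;
}

// Constructed deployment: nginx terminates TLS and proxies plain HTTP to Node.
const deployed = {
  request: { socketEncrypted: false, trustProxy: false,
             headers: { 'x-forwarded-proto': 'https' } },
  cookie: { domain: '.mysite.com', secure: true, sameSite: 'none' },
  cors: { credentials: true, origin: 'https://front.mysite.com' },
  backendHost: 'api.mysite.com', // assumed; the thread does not name it
  frontendOrigin: 'https://front.mysite.com',
  fetchCredentials: 'include',
};
const fixed = { ...deployed, request: { ...deployed.request, trustProxy: true } };

console.log(diagnose(deployed)); // one server-side finding
console.log(diagnose(fixed));    // no findings
```

In an Express-based app the matching settings are `app.set('trust proxy', 1)` together with an nginx `proxy_set_header X-Forwarded-Proto $scheme;` line. The posts do not establish that this is the cause here, so treat the model as a checklist to work through.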