In the local case, cookies are shared between the backend front ends and the login is maintained, but after deployment, the login is not maintained

Question

I am changing the settings in various ways It's failing

back/index.js

if (prod) {
    app.use(hpp());
    app.use(helmet());
    app.use(morgan('combined'));
    app.use(cors({
        origin: /api.nodebird\.com$/,
        credentials: true,
    }));
} else {
    app.use(morgan('dev'));
    app.use(cors({
        origin: true,
        credentials: true,
    }));
}
app.use(cookieParser(process.env.COOKIE_SECRET));
app.use(expressSession({
    resave: false,
    saveUninitialized: false,
    secret: process.env.COOKIE_SECRET,
    cookie: {
        httpOnly: true,
        secure: false, // https를 쓸 때 true
        domain: prod && '.terecal-nodebird.com',
        // domain: prod && '.terecal-nodebird.com',
    },
    name: 'rnbck',
}));

front/server.js

    server.use(expressSession({
        resave: false,
        saveUninitialized: false,
        // secret: '',
        secret: process.env.COOKIE_SECRET,
        cookie: {
            httpOnly: true,
            secure: false,
        },
    }));

Why does it work fine on my local server but not on Amazon servers?

And in local environment, if I request to localhost: 3060, login is maintained, but at 127.0.0.1:3060, login is not maintained

Maybe it has something to do with this?

If you know, please let me know Thank you

In production, in which domains do the backend server and frontend server lives? — Jackyef, Dec 22 '19 at 04:16
back:api-terecal-notebird.com, front:terecal-nodebird.com thanks — terecal, Dec 22 '19 at 06:06

score 0 · Answer 1 · answered Dec 22 '19 at 06:15

0

You are deploying to 2 different domains

back: api-terecal-notebird.com
front: terecal-nodebird.com

You (generally) can not share cookies between domains. I assume it worked on your local environment because both live in localhost, so the cookie can be shared. You can read more about this here

My advice is to move your backend server to a same domain with your frontend, so they can share cookies between them.

Example: Move the backend server to api.terecal-nodebird.com and set your cookies to have a domain of .terecal-nodebird.com.

OR

You can just move the backend to terecal-nodebird.com/api.

answered Dec 22 '19 at 06:15

Jackyef

4,734
18
26

I need to maintain two domains because my goal is to build a front-end back-end server that uses two domains to communicate with each other. thank you – terecal Dec 22 '19 at 07:15
Do you mind if I ask why you specifically try to do that? – Jackyef Dec 22 '19 at 12:59

In the local case, cookies are shared between the backend front ends and the login is maintained, but after deployment, the login is not maintained

1 Answers1