Trouble understanding Express-session with Render

Will Express-session be able to set cookies in the browser if both the client and server are hosted on Render?

Sorry if this is a vague question, but I am trying to determine if I just have express-session / cors configured incorrectly or if I should just move on to a different method entirely.

Hi Ryan,

Thanks for reaching out.

There shouldn’t be any platform reasons why cookies wouldn’t be set from Express to the client.

If you’re still having trouble, you may need to elaborate on your setup and what you’re trying to do, to allow the community to assist you in troubleshooting, e.g.:

  • are the client/server hosted in the same Render service or separate
  • the domain(s) involved
  • any errors/logs/output showing the issue
  • reproduction steps
  • what you’ve already tried
  • etc.

Kind regards

Alan

The client is a static React app and the server is an Express app, both hosted on Render but with different services.

There actually aren’t any errors involved. I can see the sessionId in the response cookies from the google-oauth2 redirect, but they are not set in the browser for the Render client.

Here is my current setup, which works with localhost if I set secure to false:

app.use(
	cors({
		origin: ['http://localhost:3000', 'https://chat-app-0iem.onrender.com'],
		methods: ['POST', 'PUT', 'GET', 'OPTIONS', 'HEAD', 'DELETE', 'PATCH'],
		credentials: true,
	})
)
app.use(
	session({
		secret: EXPRESS_SESSION_SECRET,
		resave: false,
		saveUninitialized: false,
		cookie: {
			sameSite: 'none',
			secure: true,
		},
	})
)

I’ve tried a lot of different combinations with Session, but I’m sure I missed something very simple.

I was able to get it working by changing Firefox’s cookie blocking settings to only block tracking cross-site cookies, but this is only really a workaround, not a fix, in my opinion.

I will see if I can figure out a fix that can be implemented on the development side.
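
Added example, not from any post in this thread: a small model of why a session cookie between two separate Render services counts as a cross-site (third-party) cookie even with `sameSite: 'none'` and `secure: true`. `onrender.com` is on the Public Suffix List, so each `*.onrender.com` hostname is its own site. The API hostname, the `example.com` hosts, the localhost ports and the `blocksThirdParty` flag are assumptions made up for illustration.

```javascript
// Constructed subset of the Public Suffix List (PSL); browsers use the full list.
const PUBLIC_SUFFIXES = new Set(['com', 'onrender.com']);

// "Site" = scheme + registrable domain (public suffix plus one label). Ports are ignored.
function siteOf(origin) {
  const { protocol, hostname } = new URL(origin);
  const labels = hostname.split('.');
  for (let i = 1; i < labels.length; i++) {
    // The first hit is the longest matching suffix, because i moves left to right.
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join('.'))) {
      return `${protocol}//${labels.slice(i - 1).join('.')}`;
    }
  }
  return `${protocol}//${hostname}`; // localhost, or no listed suffix
}

function isCrossSite(pageOrigin, apiOrigin) {
  return siteOf(pageOrigin) !== siteOf(apiOrigin);
}

// Would the browser attach the session cookie to a credentialed fetch from page to API?
// blocksThirdParty models a browser setting that restricts cross-site cookies (assumption).
function cookieSent(pageOrigin, apiOrigin, sameSite, blocksThirdParty) {
  if (!isCrossSite(pageOrigin, apiOrigin)) return true; // first-party: always attached
  if (sameSite !== 'none') return false; // lax/strict are not sent on cross-site fetches
  return !blocksThirdParty;
}

const CLIENT = 'https://chat-app-0iem.onrender.com'; // client origin from the post
const API = 'https://chat-api-example.onrender.com'; // hypothetical server hostname

const cases = [
  ['two Render services', CLIENT, API, 'none'],
  ['one custom domain', 'https://app.example.com', 'https://api.example.com', 'lax'],
  ['local development', 'http://localhost:3000', 'http://localhost:5000', 'lax'],
];
for (const [name, page, api, sameSite] of cases) {
  const sent = cookieSent(page, api, sameSite, true);
  console.log(`${name}: crossSite=${isCrossSite(page, api)} sentWhenBlocking=${sent}`);
}
```

In this model the cookie survives third-party blocking only when client and server share a registrable domain, which is also why the localhost setup behaves differently from the deployed one.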
