I've been reading for a whole day about people who had this same problem and i've tried everything I could, but cant seem to make it work.
I think it's related to browser security policy, my server and client are running both on different localhost ports and browser threats them as different domains.
However, as I said, the cookie its set if I make the post request from Postman.
Cookieparser and cors are enabled and tried multiple configurations for them, none worked.
Also tried different settings for domain and path with same result.
I also thought that it could be related to my browser addons or something like that, but I tried with incognito, other browsers and got the same results...
The client app its on Angular, but I doubt that has anything to do with the problem from what I've read.
res.cookie("SESSIONID", jwtBearerToken, { domain: 'localhost', secure: false, httpOnly: false, path: '/', maxAge: 9000000 }).send();
What I get on browser:
Thanks
Solved it myself.
Had to specify the origin, seens like wildcard '*' wasnt valid with credentials
app.use(cors({
origin: 'http://localhost:4200',
credentials: true
}));
Then on my angular http request I had to add withCredentials: true (which I already tried, but using the wildcard on the origin).
Hope this is useful for anyone!