Search code examples
gocookiescorssession-cookiesgo-fiber

Browser doesn't save cookie


I'm using Go Fiber and it's session middleware for a simple authentication system. Every thing is working except that the browser doesn't save the cookie. my backend is served on https://127.0.0.1:3033 and my frontend is on https://127.0.0.1:4321

this the cookie sent by server :

session_id=7bbb86ac-04e7-43b2-8f0a-345d720efa35; max-age=900; domain=127.0.0.1; path=/; HttpOnly; secure; SameSite=None

This is my Fiber Session config :

func initSessionStore() *session.Store {
    store := session.New(session.Config{
        CookieHTTPOnly: true,
        Expiration:     time.Minute * 15,
        Storage:        sqlite3.New(),
        CookieSecure:   false,
        CookieSameSite: "None",
        CookieDomain:   "127.0.0.1",
        CookiePath:     "/",
    })
    return store
}

This my cors config:

cors.New(cors.Config{
            AllowOrigins:     os.Getenv("FRONTEND_URL"), // 127.0.0.1:4321 
            AllowCredentials: true,
        }),

What I've already tried:

  • serving my apps on Https
  • using fake domains (subdomain for backend)
  • trying different browsers

Solution

  • So finally I found out why this didn't work.

    I forgot to use credentials:"include" where the OAuth was landing in the front end, I can't believe I have forgotten that ...