📜 Description
Session authentication is configured on the backend, but session cookies are not being persisted across requests.
This happens because:
- CORS is configured using cors('*'), which is not a valid configuration for credentialed requests.
- The frontend login request does not send cookies (credentials: 'include' is missing).
As a result, authentication succeeds initially, but subsequent requests do not contain the session cookie, causing the session to be lost.
Expected Behavior
- Session cookies should be set and persisted after login.
- Authenticated requests from the frontend should include the session cookie automatically.
Current Behavior
- Login request succeeds.
- No session cookie is stored/sent with subsequent requests.
- Backend treats each request as unauthenticated.
Suggested Fix
Backend
Configure CORS with explicit options instead of cors('*'):
app.use(cors({
  origin: 'http://localhost:3000',
  credentials: true,
}));
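Added example (not part of the original issue or the project's code): a dependency-free JavaScript model of the browser's CORS check for a cross-origin fetch. It shows why a wildcard Access-Control-Allow-Origin appears to work until the frontend sends credentials: 'include', and why the explicit origin with credentials: true passes. The function name and the sample header sets are constructed for illustration.

```javascript
// Added example: models the browser's CORS check for a cross-origin fetch.
// Function name and header sets are constructed for illustration.
function evaluateCrossOriginFetch(pageOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v).trim();

  // On a cross-origin request only credentials: 'include' attaches cookies.
  const includeCredentials = credentialsMode === 'include';
  const allowOrigin = h['access-control-allow-origin'];
  const allowCreds = h['access-control-allow-credentials'];

  let ok = false;
  let reason;
  if (allowOrigin === undefined) {
    reason = 'missing Access-Control-Allow-Origin';
  } else if (!includeCredentials) {
    ok = allowOrigin === '*' || allowOrigin === pageOrigin;
    reason = ok ? 'readable, but no cookie is sent or stored' : 'origin not allowed';
  } else if (allowOrigin === '*') {
    reason = 'wildcard origin is rejected for credentialed requests';
  } else if (allowOrigin !== pageOrigin) {
    reason = 'origin not allowed';
  } else if (allowCreds !== 'true') {
    reason = 'Access-Control-Allow-Credentials is not "true"';
  } else {
    ok = true;
    reason = 'readable, and the session cookie is sent';
  }
  return { cookiesSent: includeCredentials, responseReadable: ok, reason };
}

const FRONTEND = 'http://localhost:3000';
// Constructed sample response headers: wildcard versus the suggested fix.
const WILDCARD = { 'Access-Control-Allow-Origin': '*' };
const EXPLICIT = {
  'Access-Control-Allow-Origin': FRONTEND,
  'Access-Control-Allow-Credentials': 'true',
};

// Walk the combinations the issue describes.
for (const [label, mode, headers] of [
  ['wildcard, default fetch', 'same-origin', WILDCARD],
  ['wildcard, credentials: include', 'include', WILDCARD],
  ['explicit origin, default fetch', 'same-origin', EXPLICIT],
  ['explicit origin, credentials: include', 'include', EXPLICIT],
]) {
  console.log(label, evaluateCrossOriginFetch(FRONTEND, mode, headers));
}
```

Only the last combination both sends the cookie and passes the check, which is why the backend and frontend changes have to land together.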