如何将 firebase session cookie 从服务器发送到前端

Question

The problem that I am facing is that the session cookies created on the server seem to not be available on the browser. I'm using firebase session cookies which can be found here: ( https://firebase.google.com/docs/auth/admin/manage-cookies )

Below is the code I have

Server

• index.js

const express = require('express');
const cors = require('cors');
const cookieParser = require('cookie-parser');

const app = express();

app.use(cookieParser());
app.use(cors());
app.use(express.urlencoded({extended: true}));
app.use(express.json());

• user.js

userRouter.post('/sessionLogin', (req, res) => {
  console.log("Got session login request");
  // Get the ID token passed and the CSRF token.
  const idToken = req.body.idToken.toString();

  // Set session expiration to 5 days.
  const expiresIn = 60 * 60 * 24 * 5 * 1000;

  fb.auth().createSessionCookie(idToken, {expiresIn})
    .then((sessionCookie) => {
      const options = {maxAge: expiresIn, httpOnly: true, secure: true};
      res.setHeader('Cache-Control', 'private');
      res.cookie('__session', sessionCookie, options);
      return res.send(JSON.stringify({status: 'success'}));
    }).catch((error) => {
        res.status(401).send('UNAUTHORIZED REQUEST!');
    });
});

Frontend

fb.auth.signInWithEmailAndPassword(email, password).then(user => {
   return user.user.getIdToken().then(idToken => {
        console.log(idToken);
       //document.cookie = '__session=' + idToken + ';max-age=3600';
       return ref.postIdTokenToSessionLogin(idToken);
   });
})

When I use postman I'm able to see the session created as expected postman session picture

My server and frontend are hosted on different domains. I can't seem to wrap my head around this any ideas would be highly appreciated.

Thanks,

Answer 1

You cannot share cookies across domains (unless they are subdomains). See Cross-Domain Cookies for a related discussion.