Refresh token through cookie doesn't seem to work #114

@huywindear004

This might happen because the cookieData returned by the loginByUsernamePassword function (controllers/auth.js) does not set sameSite='none' explicitly, and so it causes some issues with the httpOnly cookies in cross-site requests: https://stackoverflow.com/a/74036481/22533611

Is it left omitted on purpose?

```js
return {
  ...payload,
  accessToken,
  refreshToken,
  cookieData: {
    httpOnly: true,
    secure: true,
    maxAge: expiresInMins * 60 * 1000, // convert minutes to milliseconds
  },
};
```

```js
const { accessToken, refreshToken, cookieData, ...payloadData } = payload;
// The same cookieData options are applied to both token cookies
res.cookie('accessToken', accessToken, cookieData);
res.cookie('refreshToken', refreshToken, cookieData);
res.send({ accessToken, refreshToken, ...payloadData });
```
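
An added example (not code from the issue or the project) that models the browser behaviour the issue refers to: in browsers that apply Lax-by-default handling, a cookie set without a SameSite attribute is not attached to a cross-site fetch, while SameSite=None together with Secure is. The function names, token value and request shape are constructed, and the model is simplified from RFC 6265bis.

```javascript
// Added example: simplified model of SameSite handling (RFC 6265bis, "Lax by default").
// Function names, the token value and the request shape are constructed for illustration.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// Minimal Set-Cookie serializer for Express-style options (maxAge is in milliseconds).
function serializeCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge != null) parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) {
    const s = String(opts.sameSite).toLowerCase();
    parts.push(`SameSite=${s[0].toUpperCase()}${s.slice(1)}`);
  }
  return parts.join('; ');
}

// A missing attribute is treated as Lax; SameSite=None is only accepted with Secure.
function effectiveSameSite(opts) {
  const mode = String(opts.sameSite || 'lax').toLowerCase();
  return mode === 'none' && !opts.secure ? 'rejected' : mode;
}

// Would the browser attach the cookie to this request?
function cookieIsSent(opts, req) {
  const mode = effectiveSameSite(opts);
  if (mode === 'rejected') return false;
  if (!req.crossSite || mode === 'none') return true;
  if (mode === 'strict') return false;
  // Lax: cross-site only on top-level navigations that use a safe method.
  return req.topLevelNavigation && SAFE_METHODS.includes(req.method);
}

// Options as quoted in the issue (expiresInMins = 60 is a constructed value).
const quotedCookieData = { httpOnly: true, secure: true, maxAge: 60 * 60 * 1000 };
// SameSite=None sends the cookie on every cross-site request, so the refresh
// endpoint then needs its own CSRF defence (for example an Origin header check).
const withSameSiteNone = { ...quotedCookieData, sameSite: 'none' };
// Constructed request: a credentialed fetch from a front end on another site.
const crossSiteRefresh = { crossSite: true, topLevelNavigation: false, method: 'POST' };

function demo() {
  return {
    header: serializeCookie('refreshToken', 'constructed-token', quotedCookieData),
    sentAsQuoted: cookieIsSent(quotedCookieData, crossSiteRefresh),
    sentWithNone: cookieIsSent(withSameSiteNone, crossSiteRefresh),
    sentSameSite: cookieIsSent(quotedCookieData, { ...crossSiteRefresh, crossSite: false }),
  };
}
console.log(demo());
```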
