For all those struggling with this cookie auth: I have found a solution for my case.
So my config looks something like this:
My Client: https://client.lorem.com
Strapi: https://strapi.lorem.com
Until now I could not achieve the very last task: making the browser save the cookie. The cookie itself was correctly set by the server and attached to the response header, but for some reason the browser didn't want to save the cookie, which would then be visible under `application/cookies` in Chrome.
The solution was quite simple: the key is to set the right URL for the cookie's `domain` in `Auth.js`.
I was convinced that in my case it should be my client's URL. Then I removed `https://` but it still didn't work. I don't know why, but after some time and a few re-deployments of Strapi I could see a yellow icon with the following warning: set-cookie domain attribute was invalid with regards to the current host url next to the response `set-cookie`. It turned out that `domain` must be set either to `lorem.com` or `strapi.lorem.com`. Finally, with the domain adjusted this way, the cookie will be saved in the browser under both client and api URL and the whole authentication process will work.
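
The browser rule behind that warning, as an added example that is not part of the original post: a simplified RFC 6265 domain-match check showing which `Domain` values a response from `strapi.lorem.com` may set and which hosts then receive the cookie. The function names, the `other.lorem.com` host and the two-entry public suffix set are assumptions made for illustration.

```javascript
// Added example: simplified RFC 6265 cookie domain matching.
// Hostnames are the post's examples; other.lorem.com is constructed.
// Assumption: a tiny constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "co.uk"]);

// Lowercase and drop one leading dot, as browsers do for the Domain attribute.
const normalize = (d) => d.trim().toLowerCase().replace(/^\./, "");

// RFC 6265 section 5.1.3: host equals domain, or host ends with "." + domain.
function domainMatches(host, domain) {
  host = normalize(host);
  domain = normalize(domain);
  return host === domain || host.endsWith("." + domain);
}

// Would a browser store a cookie set by responseHost with this Domain attribute?
function browserAcceptsDomain(responseHost, domainAttr) {
  const domain = normalize(domainAttr);
  // A scheme, port or path means the value is not a hostname at all.
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)*$/.test(domain)) return false;
  // Cookies scoped to a whole public suffix are refused.
  if (PUBLIC_SUFFIXES.has(domain)) return false;
  // The responding host must fall inside the requested domain.
  return domainMatches(responseHost, domain);
}

// Which of the given hosts would receive the stored cookie on later requests?
function hostsReceivingCookie(domainAttr, hosts) {
  return hosts.filter((h) => domainMatches(h, domainAttr));
}

const API = "strapi.lorem.com";
const HOSTS = ["client.lorem.com", "strapi.lorem.com", "other.lorem.com"];
const CANDIDATES = ["https://client.lorem.com", "client.lorem.com",
                    "lorem.com", "strapi.lorem.com", "com"];
for (const d of CANDIDATES) {
  const verdict = browserAcceptsDomain(API, d)
    ? "stored, sent to: " + hostsReceivingCookie(d, HOSTS).join(", ")
    : "rejected";
  console.log(d.padEnd(26), verdict);
}
```

With `Domain=lorem.com` the cookie is sent to every subdomain of `lorem.com`, while `Domain=strapi.lorem.com` keeps it scoped to the API host and its own subdomains.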