Adonis 5 Error-Invalid Session using auth.authenticate() with cookies

[dajpes]

Hey everyone, I have an error when trying to use auth.authenticate() with adonis 5 api. What I'm trying to achieve is once I have successfully logged in the user, then I a get request to get the user associated to that login (using nuxt, but the error happens even if I use postman)

I have two controllers:

//Route.post("api/login", AuthController.login)
//Controller
public async login({ request, auth }: HttpContextContract) {
    const { email, password } = request.all();
    await auth.verifyCredentials(email, password);
    await auth.attempt( email, password);
        //This is working as expected
  }


//Route.get("api/me", AuthController.me)
//Controller
public async me({  auth, response }: HttpContextContract) {
    const user =await auth.authenticate() // This throws an error saying "E_INVALID_AUTH_SESSION: Invalid session"
   response.ok({ userName: user.name})
   
  }

I called "api/me" once the request api/login is successful

This is my session.config and auth.config

const sessionConfig: SessionConfig = {
driver: Env.get('SESSION_DRIVER', 'cookie') as string,
cookieName: 'adonis-session',
  clearWithBrowser: false,
age:'2h',
 cookie: {
    path: '/',
    httpOnly: true,
    sameSite: true,
  },
    file: {
    location: '',
  },
    redisConnection: 'session',

}

const authConfig: AuthConfig = {
  guard: 'web',
  list: {
    /*
    |--------------------------------------------------------------------------
    | Web Guard
    |--------------------------------------------------------------------------
    |
    | Web guard uses classic old school sessions for authenticating users.
    | If you are building a standard web application, it is recommended to
    | use web guard with session driver
    |
    */
    web: {
      driver: 'session',
      provider: {
        driver: 'lucid',
        identifierKey: 'uid',
        uids: ['email'],
        model: () => import('App/Models/User')
        },
     
    },
  },
}

And this is my package.json

  "dependencies": {
    "@adonisjs/application": "^3.0.20",
    "@adonisjs/assembler": "^3.1.1",
    "@adonisjs/auth": "^5.1.1",
    "@adonisjs/core": "^5.0.4-preview-rc-2.1",
    "@adonisjs/lucid": "^10.0.0",
    "@adonisjs/repl": "^1.1.6",
    "@adonisjs/session": "^4.0.6",
    "app-root-path": "^3.0.0",
    "jimp": "^0.14.0",
    "luxon": "^1.25.0",
    "moment": "^2.29.1",
    "mysql": "^2.18.1",
    "phc-argon2": "^1.0.11",
    "proxy-addr": "^2.0.6",
    "reflect-metadata": "^0.1.13",
    "slugify": "^1.4.6",
    "source-map-support": "^0.5.19",
    "uuid": "^8.3.1",
    "validator": "^13.5.2"
  }
}

This error always happens no matter if I use my front end app, using .rest vscode extension or even postman

[thetutlage]

Is your Nuxt app running on the same domain? Note, cookies cannot be shares across domains

[damian-perez-globant-zz]

the adonis api is working on localhost:3333 has http and my nuxt app is working in localhost:3000

[dajpes]

Solved, jsut like @thetutlage said, my front end and back end were using different hostnames. My front end was 127.0.0.1:3005 and my BE was localhost:8000, so the only thing that I had to do to make the cookies work was setting my front end to localhost instead of the api.

Thank you!

[MANTENN]

Did this happen for POST requests for you? My frontend is separate and I am using the session driver for web auth. The cookies work with GET requests however with POST I get the same message as you do. I also noticed there is a different cookie being attached that I haven't pinned down from where its coming.

[MANTENN]

Edit: those are the response cookies, no cookies are included with the POST request. Can ignore my message.

[MANTENN]

In my case someone did not add the credentials include flag to the fetch.

[meshackjr]

@thetutlage @damian-perez-globant-zz What if i am using reverse proxy ? How can this be solved ?