401 Unauthorised with session cookie from VueJS

[simonjcarr]

I am trying to use AdonisJS Web Guard with my VueJS Application. Adonis uses cookies to store sessions.

I am able to send email and password and get a Set-Cookie response back from Adonis.
Here is the response to hitting the login route with the correct username and password

2 requests
1.0 kB transferred
Request URL:
http://localhost:3333/api/v1/auth/login
Request Method:
OPTIONS
Status Code:
204 No Content
Remote Address:
127.0.0.1:3333
Referrer Policy:
strict-origin-when-cross-origin
HTTP/1.1 204 No Content
access-control-allow-origin: http://127.0.0.1:8080
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,POST,PUT,DELETE
access-control-allow-headers: content-type
access-control-max-age: 90
set-cookie: adonis-session=s%3AeyJtZXNzYWdlIjoiY2xwbndueGd4MDAwMG5yNGQ3ZHdzM3V1YiIsInB1cnBvc2UiOiJhZG9uaXMtc2Vzc2lvbiJ9.WVYZUPD_2oj753pkNDS8zJtvLUjrnyW_r6fp2gWV1bs; Max-Age=7200; Path=/; HttpOnly
Date: Sat, 02 Dec 2023 10:23:10 GMT
Connection: keep-alive
Keep-Alive: timeout=5

However on future future fetch requests I get 401 Unauthorised.

Here is my controller code

public async profile({ auth, response }: HttpContextContract) {
    try {
      const user = await auth.use('web').authenticate()
      if (user) {
        return response.json(user)
      }
    }
    catch (error) {
      console.log(error)
      return response.status(401).send(error.message)
    }
  }

Here is the error that Adonis produces.

AuthenticationException: E_INVALID_AUTH_SESSION: Invalid session
    at Function.invalidSession (/home/[email protected]/dev/sp-meetings/sp-meetings-api/node_modules/@adonisjs/auth/build/src/Exceptions/AuthenticationException.js:82:16)
    at SessionGuard.authenticate (/home/[email protected]/dev/sp-meetings/sp-meetings-api/node_modules/@adonisjs/auth/build/src/Guards/Session/index.js:255:69)
    at AuthController.profile (/home/[email protected]/dev/sp-meetings/sp-meetings-api/app/Controllers/Http/AuthController.ts:32:42)
    at Injector.callAsync (/home/[email protected]/dev/sp-meetings/sp-meetings-api/node_modules/@adonisjs/fold/build/src/Ioc/Injector.js:124:30)
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  redirectTo: '/login',
  responseText: 'E_INVALID_AUTH_SESSION: Invalid session',
  guard: 'web'
}

I have set credentials to true in the fetch request.

fetch("http://localhost:3333/api/v1/auth/profile", {
    method: "GET",
    credentials: "include",
    headers: {
      "Accept": "application/json",
    },
  })
    .then((res) => res.json())
    .then((data) => console.log(data))
    .catch((err) => console.log(err));

Adonis is running on http://127.0.0.1:3333 and my VueApp is running on http://127.0.0.1:8080

Cors is enabled and origin is to "*", but I have also tried true

Any ideas what I might be doing wrong.