Set-Cookie is not working when deployed on vercel

[shubham-praj1106]

Summary

I have a next js frontend (13.5.6) and node js express(4.18.1) backend hosted on different domains. The next js has a middleware, which checks if the user has cookies while sending the request or not and if not it calls a backend api and sets the cookies on client-side. Suddenly it has stopped working.

Previously this same code was setting both (accessTokenand refreshToken), but now it only sets the token which is 1st defined, the other token is not shown in client side cookies (this code also works locally, but when deployed it start to set only 1 token)

Additional information

The below code snippet was working previously, but it stopped working suddenly.

//Next js middleware
export async function middleware(req) {

if (jwtCookie !== undefined && refreshTokenCookie !== undefined) {
    return NextResponse.next();
  } else {
    const resVisitor = await fetch(`${getcookiesurl}`, {
      method: "GET",
      credentials: "include",
    });

   const response = NextResponse.next();

  response.headers.set("set-cookie", resVisitor.headers.getSetCookie()); // --> This was previously setting 2 cookies (access & refresh) , now only sets 1 (access)

   return response;
   }

//Node js controller

export const getCookie= async (request, response, next) => {
response.cookie(
      "accessToken",
      access_token,

      {
        path: "/",
        httpOnly: true,
        secure: true,
        sameSite: "None",
        maxAge: 15 * 24 * 60 * 60 * 1000,
      }
    );

    response.cookie("refreshToken", refresh_token, {
      path: "/",
      httpOnly: true,
      secure: true,
      sameSite: "None",
      maxAge: 15 * 24 * 60 * 60 * 1000,
    });
    
    return response
}

Example

No response

[kirasiris]

Were you able to solve it? I'm facing the same issues!.

[amjido-01]

please i also need the solution to this problem

[kusal123j]

const allowedorigins = [
"http://localhost:5173",
];

app.use(
cors({
origin: allowedorigins,
credentials: true,
})
);

app.set("trust proxy", 1); // Trust Vercel reverse proxy

app.use(
session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: MongoStore.create({
mongoUrl: process.env.MONGO_URI,
collectionName: "sessions",
}),
proxy: true,
cookie: {
httpOnly: true,
secure: true, // Needed for HTTPS (Vercel is always HTTPS)
sameSite: "none", // Required for cross-site cookies
maxAge: 1000 * 60 * 60 * 24 * 7, // 7 days
},
})
);

This work for Node.js and express.js