'httpOnly Cookie containing refresh token not persisting across multiple tabs using react
React Beginner Here. I'm building this login form using JWT stored in memory and httpOnly cookie. I've tried on multiple browsers and none of them persist between tabs. I need the refresh token to be stored even on shutdown yet have an expiry date. Code below
require('dotenv').config()
const express = require('express')
const app = express()
const jwt = require('jsonwebtoken')
const cors = require('cors')
// middleware
app.use(cors())
app.use(express.json())
app.use(express.urlencoded({extended: true}))
app.post('/', (req, res) => {
const { username, password } = req.body
const user = {username, password}
const accessToken = generateAccessToken(user)
const refreshToken = jwt.sign(user, process.env.REFRESH_TOKEN_SECRET)
res.status(200).cookie("refreshToken", refreshToken, {
httpOnly: true,
maxAge: 1000 * 60 * 60 * 24 * 7,
path: '/',
sameSite: 'none',
secure: true,
domain: 'localhost',
expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 7) // expires in 7 days
}).json({accessToken})
})
app.get('/', (req, res) => {
const token = req.body.token
if (!token) return res.sendStatus(401)
jwt.verify(token, process.env.REFRESH_TOKEN_SECRET, (err, user) => {
if (err) return res.sendStatus(403)
const accessToken = generateAccessToken({username: user.username})
res.json({accessToken})
})
})
function generateAccessToken(user) {
return jwt.sign(user, process.env.ACCESS_TOKEN_SECRET, {expiresIn: '10m'})
}
module.exports = appSolution 1:[1]
UPDATE:
Was wrong guys, I was checking the console and network but it turns out it was stored in the storage. It's persistent across across multiple tabs. Now my only problem is how to check if they are expired using React backend.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |