Firebase hosting with rewrite to function doesn't set session cookie

Question

I'm using nodejs express app with express-session and firebase.

Firebase hosting configured to be redirected to Firebase functions.

I'm trying to store some data in the session. It works perfectly if I access the app via function url.

However, app doesn't store session cookie when I'm trying to access it via hosting url.

E.g.

http://localhost:5001/my-project/us-central1/app/ - this one sets cookie

and

http://localhost:5000/ - this one not.

My app session configuration is the following:

app.use(
    session({
        secret: appConfig.appSecret,
        name: '__session',
        cookie: {
            secure: false,
            httpOnly: false
        }
    })
);

How to force firebase hosting to set the cookie?

Hosting won't set cookies so you will probably have to server all routes you want to set cookies through functions. — abraham, Apr 08 '18 at 15:18

score 2 · Answer 1 · answered Apr 23 '18 at 14:46

2

Finally, I found the solution.

In order to set a __session cookie, you need to set header for the response with a session.

res.setHeader('Cache-Control', 'private');

answered Apr 23 '18 at 14:46

Arthur

73
5

same with cookie ...you saved my day man , thanks for both question and answer :) – HMagdy Mar 12 '19 at 19:17
Do you know why this 'Cache-control' header is needed to successfully set cookie if app is relying on Firebase Hosting's rewrite rule? – user482594 Nov 27 '19 at 01:37
I think it relates to caching mechanism and cdn features of Firebase hosting but not 100% confident. – Arthur Nov 27 '19 at 12:56

Firebase hosting with rewrite to function doesn't set session cookie

1 Answers1