2

I'm setting up Javalin as a microservice, providing API endpoints for my React app. Locally, Javalin is running on port 7070 and React is running on 3000 (via the built-in server with create-react-app).

I'm attempting to wire up the login/logout services, and in my login controller I have this code.

boolean isValid = User.isPasswordValid(u, password);
if (isValid) 
{
    ctx.sessionAttribute("currentUser", u.userHash);
}

In the React code, it listens to the success response from this controller and then reroutes to the /dashboard page. The /dashboard page loads up data, and I'm getting the data appropriate for the user by getting that userHash out of the Session like this:

    String userHash = ctx.sessionAttribute("currentUser");

However, this is always returning null.

It seems like this should work, and even matches the tutorial code posted on the Javalin website https://javalin.io/tutorials/website-example

Is the fact that the React code and the Javalin running on different servers cause this to not work? I tried replacing the sessionAttribute() with cookieStore() and it has the same null issue.

Edit - Adding The Reponse information showing a JSESSIONID enter image description here

bluedevil2k
  • 9,366
  • 8
  • 43
  • 57

1 Answers1

2

After discussing with the Javalin creator, the correct answer is to include this line in the server creation:

app.before(ctx -> ctx.header("Access-Control-Allow-Credentials", "true"));

and ensure your JavaScript call includes the option:

credentials: "include",
bluedevil2k
  • 9,366
  • 8
  • 43
  • 57