Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Ilya Pukhalski
    hey guys, I have an issue with setting cookies and pushing them to the browser
    when I test it with Postman no cookies set but everything works as espected
    as for the browser — no cookies, no access to restricted routes
    any ideas so far?
    José Netto
    Hi, @pukhalski ! Can you provide more details?
    Nirmal Nepal
    This is the hardest thing to follow in hapi
    I cant implement it...
    Rodolfo Azevedo
    @pukhalski I created an application with hapi and hapi-auth-cookie and the cookie was set in browser, can you give more details ?
    Hi , I'm also tried two or more including hapi-auth-cookie but finally JWT works.
    Tejus Pratap
    I know I'm posting to a historical thread, but the solution to Cookie not setting is to create a domain name other than localhost in your hosts file e.g. "http://dev.mysite.com" and then use it instead of "http://localhost". Hapi sends cookie header but browsers such as Chrome do not set it unless the domain is named.
    Rufus Godonou
    I need some help to setup hapi-auth-cookie for my app
    Any suggestions on why auth would work fine via postman but not via chrome or any other browser?
    Tejus Pratap
    Is your development server being accessed from Localhost? If yes then using Localhost to set cookies is disabled in chrome https://bugs.chromium.org/p/chromium/issues/detail?id=56211 set something like localhost.com in your hosts file and access the website through that. Another reason might be that your development server is not having https (ssl) enabled and your server might be trying to set a secure cookie.

    @tejzpr So I am using chrome and I was accessing my site via: http://localhost:9000 which is where the single page app is running. My api is on http://localhost:8000/. I tried via safari and I encountered the same issue but works fine via Postman. My cookies are set to not secure:

    password : 'XFWDFSV4fd2oEzRNHAd7RH5UXZuHRh9kmKtd6D',
    cookie : 'ak',
    isSecure : false
    const cache = server.cache({ segment: 'sessions', expiresIn: 3 * 24 * 60 * 60 * 1000 });
      server.app.cache = cache;
        var options = config.get("general.cookie");
        options.validateFunc = async function(request, session){
            const cached = await cache.get(session.id);
            const out = { valid: !!cached };
            if (out.valid) {
                out.credentials = cached.user;
            return out;

    and my auth looks like this:

    exports.login = {
        tags: ['auth', 'login'],
        description: "App login endpoint with cookie session init",
        auth: { mode: 'try' },
        plugins: {
            'hapi-auth-cookie': { redirectTo: false }
        validate: {
            payload: {
                network: Joi.string().valid(['email']).required(),
                email: config.get("joischema.user.email").required(),
                password: config.get("joischema.user.password").required()
        handler: async (request, h) => {
      // ... some stuff
      var result = internals.generateSessionObject(userModel);
      const id = String(result.id);
      await request.server.app.cache.set(id, {user: result}, 0);
      winston.log('info', 'auth.login', { loggedin_username: result.username });
      return {user: result};
    I just checked firefox and I don't see a cookie being sent
    adding an entry for localsite.com to host file to see if that helps
    it worked!
    @tejzpr thank you!
    Tejus Pratap
    @ashrafk786 👍
    John McGuin
    Yo! This is exactly the place I've been hoping to find :) I'm having a hell of a time getting hapi-auth-cookie to work across plugins as my default strategy. Has anybody come across this issue as well?