I created a website for my Discord bot and I need to store the state for the Discord OAuth somewhere. I stored it in a cookie, and before I enabled Secure, httpOnly, sameSite on the cookie it worked fine. But now the cookie won’t show up on this particular page, though when I go to the home page the cookie does show up.
Can you show us the code to make the cookie?
```javascript
app.get("/app/authorize", (req, res) => {
  const State = (Date.now() + Math.floor(Math.random() * 100000000)).toString(
    16
  );
  res.cookie("AUTHENTICATION_STATE", State, {
    httpOnly: true,
    secure: true,
    sameSite: true
  });
  res.redirect(
    DiscordEndpoints.authorize +
      "?client_id=614143167226183681&redirect_uri=http%3A%2F%2Fcordbot.glitch.me%2Fapp%2Fauthorize%2Fhandle&response_type=code&scope=identify%20guilds&state=" +
      State
  );
});
```
Is anyone going to help? @RiversideRocks
I’m more of a Python developer than a JavaScript one but looking at this I would wager that your issue is with the sameSite attribute. SameSite is not a boolean cookie value, it typically is one of None, Strict, or Lax. I don’t know the context of this cookie so I can’t tell you which one is appropriate for your use case, but this article is a great resource in making that decision.
I changed it to “Lax”; now the page won’t load anymore.
Edit: Never mind, I got an error saying that res.state() doesn’t exist.
It was res.status, but now Discord gave a redirect URI invalid error.
The cookie appears to be working to me, I can’t speak to how Discord integration works, I don’t have any experience with their API.
After some rewinding I found that I messed up the redirect URI. Now it works, thanks!
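The state-cookie flow discussed in this thread, as an added example that is not code from any of the posters: it generates the state with Node's `crypto.randomBytes` instead of `Date.now()` plus `Math.random()`, builds the `Set-Cookie` value, and checks the state on the callback. The function names and the simplified browser model are assumptions made for illustration; note that Express serializes `sameSite: true` as `SameSite=Strict`.

```javascript
// Added example (hypothetical helper names): OAuth "state" kept in a cookie.
const { randomBytes, timingSafeEqual } = require("node:crypto");

const COOKIE = "AUTHENTICATION_STATE"; // cookie name taken from the thread

// Unpredictable state: 32 bytes from the CSPRNG, hex-encoded.
function newState() {
  return randomBytes(32).toString("hex");
}

// Set-Cookie value. Lax still travels on the top-level GET redirect back
// from the OAuth provider; Strict is withheld on that cross-site navigation.
function stateCookie(state, sameSite = "Lax") {
  return `${COOKIE}=${state}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`;
}

// Simplified model of the browser's decision to attach the cookie.
function browserSends(sameSite, { crossSite, topLevelGet, https }) {
  if (!https) return false;      // Secure cookies are never sent over http
  if (!crossSite) return true;   // same-site requests always qualify
  if (sameSite === "None") return true;
  if (sameSite === "Lax") return topLevelGet;
  return false;                  // Strict
}

// Pull one cookie out of a Cookie request header.
function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return v.join("=");
  }
  return null;
}

// Callback check: the state query parameter must equal the cookie value.
function stateMatches(cookieHeader, queryState) {
  const expected = readCookie(cookieHeader, COOKIE);
  if (!expected || typeof queryState !== "string") return false;
  const a = Buffer.from(expected), b = Buffer.from(queryState);
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed walk-through of the redirect back from the provider.
const state = newState();
const callback = { crossSite: true, topLevelGet: true, https: true };
console.log(stateCookie(state));
console.log("Strict sent:", browserSends("Strict", callback));
console.log("Lax sent:", browserSends("Lax", callback));
console.log("match:", stateMatches(`${COOKIE}=${state}`, state));
```

In the callback route, a failed `stateMatches` should end the flow with an error response rather than exchanging the code.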