So I have implemented a MERN stack app with the JWT stored in an httpOnly cookie. In development mode, both frontend and backend are on the same domain (localhost, different ports), and everything works fine. When I deploy both apps (e.g. to Vercel), each app will have its own domain name (or subdomain like .vercel.app), and the trouble begins:

The SameSite attribute of the httpOnly cookie will prevent the cookie from being stored, since both apps are cross-origin.

So I have tried this:
- setting it to 'Strict' or 'Lax' will prevent Set-Cookie from storing the cookie, since both apps have different domains.
- setting it to 'None': the first problem is that with this value the cookie can be accessed by other origins; the second problem is that Google Chrome, for example, will prevent Set-Cookie from storing the cookie automatically.

So I'm looking for a solution or any other implementation to solve this issue.
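The cross-site cookie setup the question describes, as an added example that is not code from the original post. It builds the Set-Cookie header for the JWT cookie with the attribute combination browsers actually accept for a frontend and API on different origins (SameSite=None together with Secure, since browsers discard a SameSite=None cookie that is not marked Secure), checks a header for the combinations that get rejected, and produces the CORS response headers the API needs for credentialed requests (an exact allow-listed origin, never a wildcard, plus Access-Control-Allow-Credentials). The function names, origins and token value are assumptions constructed for this example; it runs in plain Node without Express.

```javascript
// Added example (not from the original post): cross-site JWT cookie attributes
// and the matching CORS headers. Function names and sample values are constructed.

// Build the Set-Cookie header value for the auth cookie.
// crossSite=true is the deployed case (frontend and API on different origins):
// the cookie must be SameSite=None AND Secure, because browsers drop a
// SameSite=None cookie that lacks Secure.
function buildAuthCookie(token, { crossSite = false, maxAgeSeconds = 3600 } = {}) {
  const parts = [
    `token=${encodeURIComponent(token)}`,
    'HttpOnly', // never readable from document.cookie, whatever SameSite is set to
    'Secure',   // only sent over HTTPS; mandatory for SameSite=None
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    crossSite ? 'SameSite=None' : 'SameSite=Lax',
  ];
  return parts.join('; ');
}

// Parse a Set-Cookie header value into { name, value, attrs } with lowercased attribute keys.
// Flag attributes (HttpOnly, Secure) become `true`; valued ones keep their string value.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const attrs = {};
  for (const item of rest) {
    const i = item.indexOf('=');
    const key = (i === -1 ? item : item.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1);
  }
  return { name, value, attrs };
}

// Return the problems a browser or a reviewer would flag; an empty list means acceptable.
function checkCookieAttributes(header) {
  const { attrs } = parseSetCookie(header);
  const problems = [];
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : undefined;
  if (sameSite === 'none' && !attrs.secure) {
    problems.push('SameSite=None requires Secure; browsers reject the cookie');
  }
  if (!attrs.httponly) {
    problems.push('missing HttpOnly: cookie readable from document.cookie');
  }
  if (!attrs.secure) {
    problems.push('missing Secure: cookie would be sent over plain HTTP');
  }
  return problems;
}

// CORS headers for a credentialed cross-site request. The origin must be echoed
// exactly (browsers reject '*' when credentials are involved) and only when it is
// on the allow-list; any other origin gets no CORS headers at all.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!allowedOrigins.includes(requestOrigin)) return null;
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Constructed sample values (not a real deployment or token).
const FRONTEND_ORIGIN = 'https://frontend.example';
const SAMPLE_JWT = 'header.payload.signature';

const cookie = buildAuthCookie(SAMPLE_JWT, { crossSite: true });
console.log(cookie);
console.log('problems:', checkCookieAttributes(cookie));
console.log('rejected by Chrome:', checkCookieAttributes('token=x; HttpOnly; Path=/; SameSite=None'));
console.log(corsHeadersFor(FRONTEND_ORIGIN, [FRONTEND_ORIGIN]));
```

In an Express app the same attributes are set with `res.cookie('token', jwt, { httpOnly: true, secure: true, sameSite: 'none' })`, the `cors` middleware needs `credentials: true` and an explicit `origin` rather than `*`, and the frontend must send `credentials: 'include'` on its fetch calls or the browser will not attach the cookie. HttpOnly still keeps the cookie out of reach of scripts on any origin; SameSite=None only controls whether the browser attaches it to cross-site requests, which is exactly what a separately hosted frontend needs.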