Invalid session cookies on prod environment

Hi, we are not completely sure if this is an ltijs issue, but we tried everything we can and are not able to get this working.

Here’s our setup for our prod environment:

const path = require('path')
const lti = require('ltijs').Provider

// Setup (the opening of this call was cut off in the post; 'LTIKEY' is a placeholder for the encryption key)
lti.setup('LTIKEY', {
    url: 'mongodb+xxxxxxxxx/' + process.env.DB_NAME,
    connection: { user: process.env.DB_USER, pass: process.env.DB_PASS }
  }, {
    staticPath: path.join(__dirname, './public'), // Path to static files
    cookies: {
      secure: true, // Set secure to true if the testing platform is in a different domain and https is being used
      sameSite: '', // Set sameSite to 'None' if the testing platform is in a different domain and https is being used
      domain: ''
    },
    devMode: false // Set DevMode to true if the testing platform is in a different domain and https is not being used
  })

Now, when we do a fetch request for the /info route like this…

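const getLTIInfo = async (ltiToken) => {
  // Request the /info route; "same-origin" only attaches cookies when the
  // request goes to the same origin as the page that runs this code
  const response = await fetch(`${ltiToken}`, {
    method: 'GET',
    credentials: "same-origin",
    headers: {
      'Content-Type': 'application/json'
    }
  });
  return response.json();
};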

LTIJS is unable to find the session cookies. Any idea on what we are not doing right here? I thought setting the credentials to same-origin should automatically pick up the cookies from the browser from the same origin, but it is not.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 21 (10 by maintainers)

Top GitHub Comments

Cvmcosta commented, Oct 31, 2020

For anyone experiencing a similar issue, the problem was that the ltijs route was being called from a backend server without access to the cookies set on the client-side application.
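
The cause named in the comment above, combined with the `cookies` and `credentials` settings from the question, as an added example that is not part of the original thread or of ltijs: a simplified model of when the session cookie accompanies a request to the tool. `sessionCookieSent`, `siteOf`, the hosts and the scenario names are hypothetical, and site matching is approximated as noted in the comments.

```javascript
// Added example (not ltijs code): why a session cookie may not reach the ltijs route.
// Assumption: "site" = scheme + last two host labels; browsers use the Public Suffix List.
// Not modelled: third-party cookie blocking, Secure-cookie exceptions for localhost.
const siteOf = (u) => `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;

// caller: 'browser' | 'server'; pageOrigin: page running fetch();
// topLevelOrigin: page in the address bar (the platform, when the tool is in an iframe);
// credentials: fetch() credentials mode; cookie: values from the ltijs `cookies` options.
function sessionCookieSent({ caller, pageOrigin, topLevelOrigin, requestUrl, credentials, cookie }) {
  if (caller === 'server') {
    return { sent: false, reason: 'server-side caller has no access to the browser cookie jar' };
  }
  const page = new URL(pageOrigin);
  const top = new URL(topLevelOrigin || pageOrigin);
  const target = new URL(requestUrl);
  if (credentials === 'omit') return { sent: false, reason: 'credentials: omit' };
  if (credentials === 'same-origin' && page.origin !== target.origin) {
    return { sent: false, reason: 'credentials: same-origin on a cross-origin request' };
  }
  if (cookie.secure && target.protocol !== 'https:') {
    return { sent: false, reason: 'Secure cookie on a non-HTTPS request' };
  }
  const crossSite = siteOf(page) !== siteOf(target) || siteOf(top) !== siteOf(target);
  if (crossSite && cookie.sameSite !== 'None') {
    return { sent: false, reason: 'cross-site context and cookie is not SameSite=None' };
  }
  if (crossSite && !cookie.secure) {
    return { sent: false, reason: 'SameSite=None is rejected without Secure' };
  }
  return { sent: true, reason: 'cookie attached' };
}

// Constructed scenarios; hosts are placeholders.
const tool = 'https://tool.example.com';
const base = { caller: 'browser', pageOrigin: tool, requestUrl: `${tool}/info`, credentials: 'same-origin' };
const scenarios = {
  standalone: { ...base, cookie: { secure: true, sameSite: '' } },
  framedDefault: { ...base, topLevelOrigin: 'https://lms.example.org', cookie: { secure: true, sameSite: '' } },
  framedNone: { ...base, topLevelOrigin: 'https://lms.example.org', cookie: { secure: true, sameSite: 'None' } },
  backend: { ...base, caller: 'server', cookie: { secure: true, sameSite: 'None' } },
};
for (const [name, s] of Object.entries(scenarios)) {
  const r = sessionCookieSent(s);
  console.log(`${name}: ${r.sent ? 'sent' : 'NOT sent'} (${r.reason})`);
}
```

The `backend` scenario is the one described in the comment: no cookie setting changes its result, so the call has to be made from the browser that holds the session cookie.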

GreenOn commented, Oct 30, 2020

Thanks a lot. I will spend more time exploring this and let you know. I think the issue may be with the cors issue. These are always tricky to find.
