Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

unable to use secure cookies

See original GitHub issue

I am trying to set secure cookies, it does not work at first try.

I am using

 secret: sessionSecret,
      resave: false,
      saveUninitialized: true,
      cookie: {
        secure: true,
        httpOnly: true,
        domain: '',
        expires: expiryDate

I found function issecure relying on req.connection.encrypted here but it seems not supported anymore, see

Any hint?

Issue Analytics

  • State:closed
  • Created 8 years ago
  • Reactions:1
  • Comments:22 (10 by maintainers)

github_iconTop GitHub Comments

dougwilsoncommented, Mar 2, 2016

Ah, should be able to get proxy_set_header X-Forwarded-Proto https; added in there and it should be good to go?

ghostcommented, Oct 28, 2016

I had some trouble with this as well. By turning on cookie: { secure: true }, proxy: true, app.set('trust proxy', true), and proxy_set_header X-Forwarded-Proto $scheme; in the nginx proxy, I’ve gotten HTTPS cookies to work.

Here’s a snip of my app:

app.set('trust proxy', true)
    store: new RedisStore({
        pass: 'aaa',
    secret: 'aaa',
    proxy: true,
    resave: false,
    saveUninitialized: true,
    cookie: { secure: true }

And my nginx configuration:

# Snip of nginx proxy configuration

proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Host $host; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
Read more comments on GitHub >

github_iconTop Results From Across the Web

Express-session Secure Cookies not working - Stack Overflow
When not using secure cookie true setting, my app user login works fine. When I enable secure cookies, the login appears to go...
Read more >
Turn cookies on or off - Computer - Google Account Help
Under "Privacy and security," click Site settings. Click Cookies and ... If you can't use your Google Account and get a message that...
Read more >
"The application is configured to use secure cookies" error ...
An error with message "The application is configured to use secure cookies. These cookies require the browser to issue the request over SSL ......
Read more >
Using HTTP cookies - MDN Web Docs
Insecure sites (with http: in the URL) can't set cookies with the Secure attribute. However, don't assume that Secure prevents all access to ......
Read more >
CA5383: Ensure use secure cookies in ASP.NET Core
Applications available over HTTPS must use secure cookies, which indicate to the browser that the cookie should only be transmitted using ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found