using apollo, cookie in response header but not being set

Question

I'm developing a user login/register feature as part of a larger project and am working on localhost (apollo server and react apollo front-end). I'm using express-session for my sessions.

When submitting my login I can see the response header has set-cookie inside, but its not set in Application->Cookies.

I've tried different browsers, using createHttpLink, apollo-boost, and using include & same-origin (using same-origin).

I've been trying to get this working for 2 weeks now and have run out of things to try, this was my last option! I know its going to be something really trivial but I just can't see it.

If I use GraphqL Playground and change the settings to include credentials, I can see the cookie being set there.

Server is running on localhost:8080/graphql Client is running on localhost:3000

Client:

const client = new ApolloClient({
    link: new HttpLink({
        uri: 'http://localhost:8080/graphql',
        credentials: 'same-origin',
    }),
    cache: new InMemoryCache()
});

Cors:

app.use(
    cors({ 
        origin: 'http://localhost:3000',
        credentials: true
    })
);

Express-Session:

app.use(
    session({
        name: "sess",
        secret: process.env.SESSION_SECRET,
        resave: false,
        saveUninitialized: false,
        cookie: {
            httpOnly: true,
            secure: false,
            maxAge: 1000 * 60 * 60 * 24 * 7,
        },
    })
);

Response Cookie:

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 69
set-cookie: sess=s%3AAZXnGb5BVc1aAOwH6zBNiT8mB6Ebf75k.in%2BPU1OvxymDPdPIZBf8%2FQzrRmM0S04tXFzXDwYCnk8; Path=/; Expires=Sat, 03 Nov 2018 13:59:57 GMT; HttpOnly
Date: Sat, 27 Oct 2018 13:59:57 GMT
Connection: keep-alive

Answer 1

I had the same issue. Incase you're still looking for an answer after 2 years set credentials in the client to "include" like this:

const client = new ApolloClient({
  uri: 'http://localhost:4000/graphql',
  cache: new InMemoryCache(),
  credentials: 'include'
});

Answer 2

I tried to fix it by using express. But it didn't work with Apollo GraphQL.

const corsOptions = {
    origin: "http://localhost:3000",
    credentials: true
  };
app.use(cors(corsOptions));

So, I tried configuring cors inside GraphQL server and It Worked.

For Apollo Server

const corsOptions = {
    origin: "http://localhost:3000",
    credentials: true
  };

const server = new ApolloServer({
  typeDefs,
  resolvers,
  cors: corsOptions
});

server.listen().then(({ url }) => {
  console.log(`🚀 Server ready at ${url}`);
});

For GraphQL Yoga

const options = {
  cors: corsOptions
};

server.start(options, () =>
  console.log("Server is running on http://localhost:4000")
);