Strapi Login logout after page refresh

[tobias-srf]

I am having trouble keeping $strapi.user persistent. I can login fine and cookies and local storage is also set, but upon a page request the user gets logged out straight away.

Is this expected behaviour?

I have tried following:

  strapi: {
    url: "http://localhost:8086",
    key: 'authi_jwt',
    expires: '1d',  
    cookie: {}
  },

To keep the session from expiring ...

[benjamincanac]

Hey @tobias-srf,

The user might be getting logged out when the GET /users/me call fails.

Otherwise, could you provide a reproduction link?

[kainio]

I have the same problem and i am getting 403 with GET /users/me when checking for $strapi.user

[tobias-srf]

Hi @benjamincanac I currently don't have any reproduction link, just running localhost. However, I am also using nuxt-i18n and I have noticed that it creates more than one cookie for different urls.

Could this be the issue? When is the GET /users/me called?

[benjamincanac]

@tobias-srf Have you tried forcing the cookie path?

strapi: {
    expires: '30d',
    cookie: {
      path: '/'
    }
}

[benjamincanac]

@kainio You might need to set authorizations for /users/me route in your Strapi API.

[tobias-srf]

@tobias-srf Have you tried forcing the cookie path?

strapi: {
    expires: '30d',
    cookie: {
      path: '/'
    }
}

Ok that is much better, only one cooke now. Login problem is, however, still prevailing, but now the cookie is deleted...

[kainio]

@benjamincanac my bad, i created an new role but forgot to add 'User.me'. thanks

[tobias-srf]

@benjamincanac I am doing SSR and following code will tell me that I am logged out on a page refresh, so the issue still prevails!

export const actions = {
  nuxtServerInit(vc, context) {
    console.log("### nuxtServerInit ###")

    if (context.$strapi.user) {
      console.log(context.$strapi.user.username)
    } else {
      console.log("ok not logged in INIT!")
    }
    ...

[tobias-srf]

Your wrote:
The user might be getting logged out when the GET /users/me call fails.
@benjamincanac how can I debug that?

I see no such request being sent to any /user/me endpoint ever ...

[benjamincanac]

@tobias-srf Could you share the code you're using to login your users?

[tobias-srf]

@benjamincanac nothing spectacular here ...

<template>
  <div class="w-4/5 mx-auto md:w-1/2 text-center my-12">
    <div v-show="error !== ''" class="p-3 border">
      <p>{{ error }}</p>
    </div>
    <h1 class="font-bold text-2xl md:text-4xl mt-5">Login</h1>
    <form @submit="loginUser">
      <div>
        <input
          v-model="identifier"
          class="p-3 my-5 border w-full"
          type="email"
          placeholder="email"
        />
      </div>
      <div>
        <input
          v-model="password"
          class="p-3 my-5 border w-full"
          type="password"
          placeholder="password"
        />
      </div>
      <div>
        <button
          :disabled="identifier === '' || password === ''"
          class="button--green"
          type="submit"
        >
          Login
        </button>
      </div>
    </form>
  </div>
</template>
<script>
export default {
  data() {
    return {
      identifier: '',
      password: '',
      error: '',
    }
  },
  methods: {
    async loginUser(e) {
      e.preventDefault()
      try {
        const user = await this.$strapi.login({
          identifier: this.identifier,
          password: this.password,
        })
        console.log(user)
        if (user !== null) {
          this.error = ''
          this.$nuxt.$router.push(this.localePath('auth-profile'))
        }
      } catch (error) {
        this.error = 'Error in login credentials'
      }
    },
  }
}
</script>

[benjamincanac]

Once you've logged in, your getting disconnected upon refresh? At this moment, don't you see a GET /users/me route getting called in your Strapi API?

Also, have you tried not to override the cookie key (strapi.key)? Maybe the issue lives there.

[tobias-srf]

I have removed the overwriting of strapi.key and logged in twice.

my node console shows a POST /auth/local but not more ...

[tobias-srf]

I log in and get a perfect redirect to my profile page (as in login code above). Username is shown etc ...
if I browser refresh the profile page (F5 or browser refresh arrow icon) the cookie disappears and I am being redirected to /home which the middleware does when I am trying to see a guarded page and not being logged in ...

[tobias-srf]

@benjamincanac I think I found the issue. I am using docker and run nuxt and strapi on the same instance. I have a port forwarding set aside for either application. If I tell nuxt to use the port forwarded port for strapi I get the issue.

If I use the internal url via nuxt 127.0.0.1:1337 I get the /user/me GET call and everything is fine and the user stays logged in!

So it looks like it is a partial network issue ....

[benjamincanac]

Glad you found the source of your problem, unfortunately I might not be able to help you on this.

Feel free to open a pull request on the documentation explaining this.

[tobias-srf]

I guess the issue is that the strapi module does not respect the strapi { url: 0.0.0.0:<port> } settings all the way and gets bogged down when doing authentication requests, but they never reach the strapi endpoint ... So there might be stil a bug ...

[pixelscript-io]

@tobias-srf I fixed this issue by completely clearing the application cache (I was using Google Chrome) and modifying my options object to the following:

strapi: {
  url: 'https://strapi.mydomain.net',
  key: 'authToken',
  expires: '7d',
  cookie: {
    sameSite: true,
    path: '/'
  }
}

Upon inspecting my Network tab when it would redirect me to /login and display I wasn't logged in, I found some duplicate cookies which I'm assuming is what was causing the issue. I hope this helps!

[adhamfarrag]

I applied the same but it still doesn't work for me. @pixelscript-io does the same issue still happen with you after anytime soon ?

[LucaMargadant]

@benjamincanac I think I found the issue. I am using docker and run nuxt and strapi on the same instance. I have a port forwarding set aside for either application. If I tell nuxt to use the port forwarded port for strapi I get the issue.

If I use the internal url via nuxt 127.0.0.1:1337 I get the /user/me GET call and everything is fine and the user stays logged in!

So it looks like it is a partial network issue ....

Thank you! For me this worked. Setting an url to the strapi module fixed the issue. While local development the call to strapi was over localhost. Changing strapi's url in nuxt config to http://127.0.0.1:1337 fixed it.

expires: '30d', url: http://127.0.0.1:1337, cookie: { path: '/', },