I am setting a cookie via `document.cookie = 'foo=bar;secure;path=/;'`
and I'm connecting to a WebSocket. I have tried `samesite=None` and many other variations, with none being successful, so I'm somewhat stuck. I want to use this cookie for authentication (it's actually a JWT and a specific API key as a pair).
The flow is:
- Open front-end app
- Login, get jwt back
- Store JWT and Special API key in token
- Make a WebSocket request
- If made with cookie - everything works
This works locally when both the front-end application and back-end application are on localhost.
The cookie is magically not being sent by the front-end application in production, when both apps are deployed. They're both hosted on Heroku and are being pointed to subdomains x.mysite.com and y.mysite.com respectively.
Is there a specific browser behaviour that I need to be aware of?
Thanks in advance.
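
The browser behaviour relevant to the setup described above is cookie host scoping: a cookie set without a `Domain` attribute is host-only and is returned only to the exact host that set it. The sketch below is an added example, not part of the original post; it models the RFC 6265 matching rules, and the function names, the `/socket` path and the `domain=mysite.com` variant are assumptions made for illustration.

```javascript
// Added example: RFC 6265 matching for a cookie written via document.cookie.
// Function names are hypothetical. SameSite is not modelled: assuming mysite.com
// is the registrable domain, x. and y.mysite.com are same-site with each other.

// Parse the string assigned to document.cookie (default path simplified to "/").
function parseCookieString(str) {
  const [pair = '', ...attrs] = str.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq < 0 ? '' : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: null, path: '/', secure: false,
  };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'domain') cookie.domain = v.trim().replace(/^\./, '').toLowerCase() || null;
    else if (key === 'path') cookie.path = v.trim() || '/';
    else if (key === 'secure') cookie.secure = true;
  }
  return cookie;
}

// RFC 6265 section 5.1.3: identical host, or the domain is a dot-delimited suffix.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Would a browser attach `cookie`, set by a page on setOnHost, to a request for url?
function isSentTo(cookie, setOnHost, url) {
  const { protocol, hostname, pathname } = new URL(url);
  // A Domain attribute the setting host does not belong to gets the cookie rejected.
  if (cookie.domain && !domainMatch(setOnHost, cookie.domain)) return false;
  const hostOk = cookie.domain === null
    ? hostname === setOnHost // host-only cookie: exact host that set it
    : domainMatch(hostname, cookie.domain);
  const secureOk = !cookie.secure || protocol === 'https:' || protocol === 'wss:';
  const prefix = cookie.path.endsWith('/') ? cookie.path : cookie.path + '/';
  const pathOk = pathname === cookie.path || pathname.startsWith(prefix);
  return hostOk && secureOk && pathOk;
}

const WS_URL = 'wss://y.mysite.com/socket'; // constructed endpoint path
const hostOnly = parseCookieString('foo=bar;secure;path=/;'); // cookie from the post
const shared = parseCookieString('foo=bar;secure;path=/;domain=mysite.com'); // constructed
console.log(isSentTo(hostOnly, 'x.mysite.com', WS_URL)); // false
console.log(isSentTo(shared, 'x.mysite.com', WS_URL));   // true
```

A cookie widened with `domain=mysite.com` is sent to every subdomain of mysite.com, so each of those hosts receives the JWT and API key.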