Electron cookies not working in production build


#1

We have an electron application, and our backend’s login system is implemented using cookies.

It’s a quasar(vue.js)-electron application, and everything is fine in development mode. When a user sends a login request, if their credentials are correct they will get back a cookie in the “set-cookie” header. This is automatically sent with every request using axios, and with every new request this cookie will be refreshed if the user wasn’t idle for more than 10 minutes, otherwise the system will log them out.

On the other hand if I build the application, install it then the whole “set-cookie” header stops working! I found out that electron has an API to handle cookies, so I implemented the cookie handling with that, but If a user logs out, and wants to log back in, they can’t until they restart the app, even though I clear the cookies with every logout.

my electron/ electron builder / electron rebuild versions are as follows

"electron": "^3.0.10",
"electron-builder": "^20.38.5",
"electron-rebuild": "^1.8.2",

when the user logs out:

session.defaultSession.clearStorageData([
    { storages: ["cookies", "appcache", "filesystem"] },
    () => {}
  ]);

and using axios interceptor I set cookies with electron’s session api

axiosInstance.interceptors.response.use(
    response => {
      session.defaultSession.cookies.get({}, (error, cookies) => {
        if (error) console.log(error, cookies);
        const cookie = cookies.filter(
          cookie => cookie.domain === process.env.domain
        );
        if (!cookie.length) return response;
        const scheme = cookie[0].secure ? "https" : "http";
        const url = scheme + "://" + cookie[0].domain;
        const newCookie = {
          url: url,
          name: cookie[0].name,
          value: cookie[0].value,
          domain: cookie[0].domain,
          path: cookie[0].path,
          secure: cookie[0].secure,
          httpOnly: cookie[0].httpOnly,
          expirationDate: cookie[0].expirationDate
        };
        session.defaultSession.cookies.set(newCookie, error => {
          if (error) console.error(error);
        });
      });
      return response;
    },
    ...rest of the code removed

this sets the cookie on first login, but not on the second until the whole electron application is restarted. If I log the process, it seems the code still runs and saves the cookie, but the next request won’t have a cookie header for some reason.