Express/React with CORS - Setting HTTP-Only Secure Cookie for React SPA
So after trying some different things, the issue was with setting the domain in res.cookie
to the subdomain. I changed that code to:
res.cookie('jwt', token, { domain: 'mysite.co', secure: true, httpOnly: true, maxAge: parseInt(process.env.JWT_EXPIRATION_MS, 10), });
and now the cookie is being set.