When not using secure cookie true setting, my app user login works fine. When I enable secure cookies, the login appears to go through fine, but it seems the cookie is not s
Solution if using Heroku:
In Heroku, all requests come into the application as plain http but they have the header X-Forwarded-Proto to know whether the original request was http or https. That causes express to see non-ssl traffic and so it refuses to set a secure cookie when running on Heroku. Express will only send secure cookies over https. You have to tell express to trust the information in the X-Forwarded-Proto header, i.e. that the original request was over https, by enabling the 'trust proxy' setting. Before defining the cookie properties I put
app.set('trust proxy', 1);
Where 1 means trust the first proxy. 1 was good enough for me to set cookie: secure
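The behaviour described in the answer above, as an added example that is not part of the original post and is not Express's own code: a simplified model of how the 'trust proxy' setting and the X-Forwarded-Proto header decide whether a secure cookie is sent. The function names, the request objects and the cookie value are constructed for illustration.

```javascript
// Simplified model (an assumption, not Express source code) of how the
// app decides which protocol the client used.
function effectiveProtocol(req, trustProxy) {
  const direct = req.socketEncrypted ? 'https' : 'http';
  if (!trustProxy) return direct; // default: X-Forwarded-Proto is ignored
  const header = req.headers['x-forwarded-proto'];
  if (!header) return direct;
  return header.split(',')[0].trim(); // first value when proxies appended
}

// Returns the Set-Cookie value, or null when a secure cookie is withheld
// because the request does not look like HTTPS to the app.
function sessionSetCookie(req, opts) {
  const proto = effectiveProtocol(req, opts.trustProxy);
  if (opts.secure && proto !== 'https') return null;
  return 'sid=constructed-value; Path=/; HttpOnly' + (opts.secure ? '; Secure' : '');
}

// Constructed requests as the app sees them behind a TLS-terminating router:
// the socket to the app is plain HTTP in both cases.
const viaRouterHttps = { socketEncrypted: false, headers: { 'x-forwarded-proto': 'https' } };
const viaRouterHttp = { socketEncrypted: false, headers: { 'x-forwarded-proto': 'http' } };

function runCases() {
  return {
    untrustedHttps: sessionSetCookie(viaRouterHttps, { trustProxy: false, secure: true }),
    trustedHttps: sessionSetCookie(viaRouterHttps, { trustProxy: 1, secure: true }),
    trustedHttp: sessionSetCookie(viaRouterHttp, { trustProxy: 1, secure: true }),
    insecureCookie: sessionSetCookie(viaRouterHttps, { trustProxy: false, secure: false }),
  };
}

console.log(runCases());
```

With the setting on, the app believes whatever its immediate peer puts in X-Forwarded-Proto, so it fits deployments where the app is reachable only through the platform's router.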