Unable to get session from cookie in nextjs serverless function when redirected from another nextjs app using redirect.

[shaedrizwan]

Summary

I have both frontend and backend Next.js applications hosted on Vercel. In the frontend app, all API requests are redirected to the backend using the next.config.js file:

async rewrites() {
    return [
      {
        source: '/api/apis/:path*',
        destination: `${process.env.API_SERVER}/:path*`, // Proxy to Backend
      },
    ];
  },

However, in the backend server, when attempting to retrieve the session using AuthInstance.getSession(req, res), it returns null and responds with a 401 error.

Since I can successfully retrieve the cookie in getServerSideProps, it appears that there is no issue with the cookie itself.

Are there any additional configurations I need to make in order to properly redirect the request with the cookie? This same setup works flawlessly on Netlify. I am using Auth0 for authentication.

Additional information

Creating auth instance:


initAuth0({
  secret: process.env.AUTH0_SECRET,
  baseURL: process.env.FRONTEND_URL,
  issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
  clientID: process.env.FRONTEND_AUTH0_CLIENT_ID,
  clientSecret: process.env.FRONTEND_AUTH0_CLIENT_SECRET,
  auth0Logout: true,
  idpLogout: true,
  httpTimeout: 20000,
  authorizationParams: {
    response_type: 'id_token',
    scope: 'openid email',
  },
  session: {
    cookie: {
      domain: '.domain.com',
      path: '/',
    },
    absoluteDuration: 1604800,
    name: 'domain',
  },
});

Getting the session from serverless backend:
session = AuthInstance.getSession(req, res)

### Example

_No response_

[swarnava]

Hi, are you using this library: https://github.com/auth0/nextjs-auth0 ?

[shaedrizwan]

Yeah, we are using nextjs-auth0 1.7.0

[swarnava]

We recommend creating an issue or contact their support instead since they own the library. Thank you!

[adamjmcgrath]

Hi @swarnava - nextjs-auth0 maintainer here 👋

I've just tested this locally with 2 applications on different ports with the latest version of Next.js and confirmed that Next.js attaches the cookie to the request to the backend server and the backend application is able to read the session using getSession.

I just had to make sure that the AUTH0_SECRET and the session.name configuration options matched so that the SDK running on the backend server could find the cookie and decrypt it.

I can't see anything wrong with the code you've shared, but happy to take a look if you can share an example repo that demonstrates the issue.

Also, I see it works on Netlify and not on Vercel, does the same code work on localhost (Running both your frontend app and backend app on different ports)?