I have a node.js app running on the Cedar stack and I’m puzzled why secure cookies don’t work.
```javascript
"express": "3.0.3",
"node": ">=0.8.14",
...
app.use(express.session({
  secret : 'somesecret',
  store : // store works fine, sessions are stored
  key : 'sid',
  cookie : {
    secure : true, // it works without the secure flag (cookie is set)
    proxy : true,  // tried using this as well, no difference
    maxAge: 5184000000 // 2 months
  }
}));
...
```
On localhost everything works fine, but on Heroku I don’t seem to be able to set a secure cookie. What am I doing wrong? The docs say the load balancer terminates SSL; is it something to configure over there?
thanks a lot
You are correct that Heroku terminates SSL before it reaches your app. That causes express to see non-ssl traffic, and that’s likely why it’s refusing to set the cookie when running on Heroku.
Heroku sets an `X-Forwarded-Proto` header with the original protocol. I haven’t tested this, but according to the documentation, you have to tell express to respect the information in that header by setting `trust proxy` as documented here. Additional details found under `req.protocol` here.