After reloading the page the access token is deleted

[kirilldonenko]

Environment

• Operating System: Linux
• Node Version: v22.3.0
• Nuxt Version: 3.13.2
• CLI Version: 3.14.0
• Nitro Version: 2.10.4
• Package Manager: yarn@1.22.22
• Builder: -
• User Config: -
• Runtime Modules: -
• Build Modules: -

Reproduction

"@sidebase/nuxt-auth": "^0.10.0"
I see this problem only in the QA environment. Locally everything works correctly.

  `// in nuxt.config
  auth: {
      isEnabled: true,
      baseURL: `${process.env.NUXT_PUBLIC_PROTOCOL}${process.env.NUXT_PUBLIC_DOMAIN}:${process.env.NUXT_PUBLIC_PORT}/`,
      provider: {
        type: 'local',
        endpoints: {
          signIn: {path: 'api/auth/login', method: 'post'},
          signOut: {path: 'api/auth/logout', method: 'post'},
          signUp: {path: 'api/auth/register', method: 'post'},
          getSession: {path: 'api/user', method: 'get'},
        },
        token: {
          signInResponseTokenPointer: '/access_token',
          type: 'Bearer',
          cookieName: 'auth._token',
          headerName: 'Authorization',
          maxAgeInSeconds: 60 * 60 * 3,
          sameSiteAttribute: 'lax',
          cookieDomain: `${process.env.NUXT_FRONTEND_DOMAIN}`,
          secureCookieAttribute: false,
          httpOnlyCookieAttribute: false,
        },
        refresh: {
          isEnabled: true,
          endpoint: {path: 'api/auth/refresh', method: 'post'},
          refreshOnlyToken: false,
          token: {
            signInResponseRefreshTokenPointer: '/refresh_token',
            refreshRequestTokenPointer: '/refresh_token',
            cookieName: 'auth._refresh-token',
            maxAgeInSeconds: 60 * 60 * 3,
            sameSiteAttribute: 'lax',
            secureCookieAttribute: false,
            cookieDomain: `${process.env.NUXT_FRONTEND_DOMAIN}`,
            httpOnlyCookieAttribute: false,
          }
        },
      },
      sessionRefresh: {
        enablePeriodically:  1000 * 60 * 60,  
        enableOnWindowFocus: false,          
      }
    },

`
Access and refresh tokens(auth._token and auth._refresh-token) is automatically saved in a cookie on the local domain - "localhost", and on the QA environment on the domain - ".my-qa-domain"

Describe the bug

If I reload the page after authentication, the access token will be deleted, although the refresh token will not be deleted. I only observe this behavior in the QA environment. Maybe someone has encountered something similar?

Additional context

No response

Logs

[github-actions]

Hello 👋

Please provide a reproduction for this issue 🙏

How can I create a reproduction?

Please use one of the following links to reproduce your issue.

• https://stackblitz.com/github/nuxt/starter/tree/v3-stackblitz
• https://codesandbox.io/s/github/nuxt/starter/v3-codesandbox

Please ensure that the reproduction is as minimal as possible. This will allow us to isolate the issue as best as possible.

Here are some more amazing posts about the importance of reproductions:

• The Importance of Reproductions
• How to Generate a Minimal, Complete, and Verifiable Example

[phoenix-ru]

Hi, it would be great if you (or someone you also experiences it) could provide a reproduction repo/stackblitz. When you say "only in QA", this makes our task of reproducing and fixing close to impossible 🙁

[gioscarda]

Hi @phoenix-ru and @kirilldonenko,
experiencing the same.

I think the problem has been already investigated here:
#732
and also probably here:
#982

Unfortunately, no fixes have been provided so far :(

[phoenix-ru]

Duplicating #732 (comment):

If someone is still having this issue, it would be great if you could try out the following PR:
#1033

It attempts to fix loading state in the Nuxt middleware

npm i https://pkg.pr.new/@sidebase/nuxt-auth@1033

[phoenix-ru]

Because this mentions cookies, there's another PR which would automatically proxy cookies on the server: #1041

npm i https://pkg.pr.new/@sidebase/nuxt-auth@1041