Session cookie not set in production

[Vinzouz]

Question 💬

Using next-auth for my web application I have a problem with the session cookie only in production and being hosted.
In local dev or production environments I have no problem. The callback-url and csrf-token cookies are present and so is session-token once connected.

My problem is when I host my application (on cPanel and on a subdomain), I have the secure callback-url and csrf-token cookies but when I try to connect I get no error and the session cookie doesn't initialize.

I've tried a lot of things but nothing works, if any kind soul has time for me, thank you !

How to reproduce ☕️

The versions of next and next-auth I'm using in this project

    "next": "12.1.6",
    "next-auth": "^4.22.1",

The signIn function call for my login form

const result = await signIn('credentials', {
            username: usernameRef.current.value,
            password: passwordRef.current.value,
            redirect: false,
});

My [...nextauth].js file

const options = {
    providers: [
        CredentialsProvider({
            async authorize(credentials, req) {

                const { username, password } = credentials;

                const response = await fetch(`${req.body.callbackUrl}api/auths`, {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({
                        username,
                        password,
                    }),
                })
                if (response.status === 200) {
                    const user = await response.json();
                    return user
                } else {
                    const message = await response.json();
                    throw new Error(message);
                }
            },
        }),
    ],
    session: {
        strategy: "jwt",
        maxAge: 15 * 24 * 60 * 60,
    },
    secret: process.env.NEXTAUTH_SECRET,
    callbacks: {
        async jwt(params) {
            const token = params.token;
            const user = params.user;
            if (user) {
                 ...
            }
            return token;
        },
        async session(params) {
            ...
            return params.session;
        },
    },
};

My auths API file is working properly
My NEXTAUTH_SECRET environment variable is set to 32 characters and NEXTAUTH_URL is also of type https://mysubdomain.mydomain.fr

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR

[lsl233]

do you fix?