I want to manage user login status with a session cookie using Firebase Authentication and Flask.

It seems that set_cookie is not working properly, but I don't know how to solve it.

Referenced site: https://firebase.google.com/docs/auth/admin/manage-cookies

Applicable source code
firebase.auth().onAuthStateChanged(function (user) {
  if (user) {
    user.getIdToken().then(function (data) {
      var tokenData = {idToken: data};
      // Send the ID token to the server so it can issue the session cookie.
      $.ajax({
        type: 'POST',
        url: '/sessionLogin',
        data: JSON.stringify(tokenData),
        contentType: 'application/json',
        success: function () {
          console.log("done");
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
          alert('error');
          console.log("XMLHttpRequest:" + XMLHttpRequest.status);
          console.log("textStatus:" + textStatus);
          console.log("errorThrown:" + errorThrown.message);
        }
      });
    });
  }
});

# Imports used by the routes below (app and firebase_admin are initialized elsewhere).
import datetime
from flask import jsonify, redirect, render_template, request
from firebase_admin import auth

@app.route('/sessionLogin', methods=['POST'])
def session_login():
    id_token = request.json['idToken']
    decoded_token = auth.verify_id_token(id_token)
    uid = decoded_token['uid']
    expires_in = datetime.timedelta(days=1)
    # Create the session cookie. This will also verify the ID token in the process.
    # The session cookie will have the same claims as the ID token.
    session_cookie = auth.create_session_cookie(id_token, expires_in=expires_in)
    response = jsonify({'status': 'success'})
    # Set cookie policy for session cookie.
    expires = datetime.datetime.now() + expires_in
    response.set_cookie('session', session_cookie, expires=expires, httponly=True, secure=True)
    print("response", response)
    return response

@app.route('/mypage', methods=['GET', 'POST'])
def mypage():
    session_cookie = request.cookies.get('session')
    print("session", session_cookie)
    if not session_cookie:
        # Session cookie is unavailable. Force user to login.
        print("No session")
        return redirect('/')
    # Verify the session cookie. In this case an additional check is added to detect
    # if the user's Firebase session was revoked, user deleted/disabled, etc.
    try:
        decoded_claims = auth.verify_session_cookie(session_cookie, check_revoked=True)
        return serve_content_for_user(decoded_claims)
    except auth.InvalidSessionCookieError:
        # Session cookie is invalid, expired or revoked. Force user to login.
        return redirect('/')
    this_year = check_year()
    return render_template('mypage.html', this_year=this_year)
Error message
response<Response 26 bytes [200 OK]>
Session None
It was confirmed that the uid was correctly taken from the idToken taken from

We also confirmed that expires_in was generated properly.

However, the response.set_cookie(....) part isn't working, or request.cookies.get('session') will be None.

I am new to programming and don't know much about cookies and Firebase, so please tell me if you need additional information.

If anyone can understand, please let me know.

  • Answer # 1

    I don't know the structure, but if you use Firebase Hosting, you can only use a cookie named __session.
    Use of cookies

    Otherwise, I would first want to check whether the Set-Cookie header is on the response from /sessionLogin.
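
The check suggested in the answer, as an added example that is not part of the original thread: it parses the Set-Cookie header from the /sessionLogin response and lists reasons the cookie would not come back on the next request. The function name `diagnose_set_cookie`, its parameters and the sample headers are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample of the header the question's set_cookie() call would emit.
SAMPLE = ("session=CONSTRUCTED_VALUE; Expires=Thu, 01 Jan 2026 00:00:00 GMT; "
          "Secure; HttpOnly; Path=/")
# Constructed sample using the cookie name Firebase Hosting lets through.
SAMPLE_HOSTING = SAMPLE.replace("session=", "__session=", 1)


def diagnose_set_cookie(header, scheme, behind_firebase_hosting, name="session"):
    """Return reasons the cookie `name` would be missing on the next request.

    header: raw Set-Cookie value copied from the /sessionLogin response (or None)
    scheme: "http" or "https", as the browser loaded the page
    behind_firebase_hosting: True if requests reach the app through Firebase Hosting
    """
    if not header:
        return ["no Set-Cookie header on the /sessionLogin response"]
    jar = SimpleCookie()
    jar.load(header)
    if name not in jar:
        return ["Set-Cookie present but no cookie named %r" % name]
    morsel = jar[name]
    findings = []
    # Browsers refuse a Secure cookie set over plain http (some exempt localhost).
    if morsel["secure"] and scheme != "https":
        findings.append("Secure cookie set over http: browser will not store it")
    # Firebase Hosting strips cookies from forwarded requests except __session.
    if behind_firebase_hosting and name != "__session":
        findings.append("Firebase Hosting forwards only the cookie named __session")
    # Hardening check: a session cookie should not be readable by page scripts.
    if not morsel["httponly"]:
        findings.append("HttpOnly missing: page scripts can read the session cookie")
    return findings


if __name__ == "__main__":
    cases = [
        ("http, no hosting", SAMPLE, "http", False, "session"),
        ("https, Firebase Hosting", SAMPLE, "https", True, "session"),
        ("https, Firebase Hosting, renamed", SAMPLE_HOSTING, "https", True, "__session"),
        ("header absent", None, "https", False, "session"),
    ]
    for label, header, scheme, hosting, name in cases:
        print(label, "->", diagnose_set_cookie(header, scheme, hosting, name) or "ok")
```

The header value to pass in can be copied from the browser's network tab for the /sessionLogin request.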