ctx.cookie.set() does not appear to set a cookie


When inside the Shopify admin area, I see the contents of the file at the redirect URL. But using Chrome's EditThisCookie extension, neither cookie is set.


Anyone know why this is? I suspect it is a domain scoping issue: shopify.com admin area on one domain, the ngrok app on another. If that or some other issue is the case I hope someone knows how to fix it.


// server.ts

  , scopes : SHOPIFY_BUYUSED_SCOPES.split(",")
  , afterAuth(ctx: Koa.Context): void {
    console.log(`=====inside afterAuth()=====`); // I do not see this log statement in the console
    const {shop, accessToken} = ctx.session;
    console.log({
      message : "from inside afterAuth()" // I do not see this log either
      , shop
      , accessToken
    });
    // cookie setting
    const cookieOptions = {
      httpOnly: true,
      secure: true,
      signed: true,
      overwrite: true
    };
    ctx.cookie.set("buyUsed_shopName", shop, cookieOptions);
    ctx.cookie.set("buyUsed_generalToken", accessToken, cookieOptions);
  }

////// Routing //////
router.get('/', async ctx => {
  // ctx.body = "Koa server running, '/' route triggered"
  ctx.redirect("https://storage.cloud.google.com/buy_used/consoleLog.js"); // this file's contents renders on the page
});

Shopify Staff

Hey @seandz,


I suspect this is related to Chrome's update.


With the release of Chrome 80 on February 4th, 2020, the default behaviour of Chrome will change from allowing cookies in a cross-site or third-party context to denying them.

To designate cookies for cross-site access, a new cookie setting is available in Chrome: SameSite=None. This attribute can be used by services that are running in a third-party context, such as embedded Shopify apps. 

Try configuring sameSite in your cookieOptions:

const cookieOptions = {
  httpOnly: true,
  secure: true,
  signed: true,
  overwrite: true,
  sameSite: 'none'
};


Notice; Out of office, replies will be delayed until my return. Thanks!
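
The behaviour described in the answer above can be checked against the `Set-Cookie` header a server actually emits. The following is an added example, not code from the thread or from Shopify: a small plain-JavaScript model of how Chrome 80+ treats a cookie when the app is framed by another site. The function names and the sample header values (including the shop name) are constructed for illustration.

```javascript
// Added example: models Chrome 80+ handling of a Set-Cookie header in a
// third-party (embedded iframe) context. Not code from the original thread.

// Parse a Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of attrs) {
    if (!attr) continue; // tolerate a trailing ";"
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Decide whether the cookie is usable when the app runs inside a cross-site iframe.
function thirdPartyVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  if (sameSite === null) {
    return { usable: false, reason: "no SameSite attribute: treated as Lax" };
  }
  if (sameSite === "strict" || sameSite === "lax") {
    return { usable: false, reason: `SameSite=${sameSite}: not sent in a cross-site iframe` };
  }
  if (sameSite === "none" && !attrs.secure) {
    return { usable: false, reason: "SameSite=None without Secure: rejected" };
  }
  if (sameSite === "none") {
    return { usable: true, reason: "SameSite=None; Secure: allowed cross-site" };
  }
  return { usable: false, reason: "unrecognised SameSite value: treated as Lax" };
}

// Constructed sample headers; the cookie name follows the post, the value is made up.
const SAMPLES = [
  "buyUsed_shopName=example-shop; path=/; secure; httponly",
  "buyUsed_shopName=example-shop; path=/; samesite=none; httponly",
  "buyUsed_shopName=example-shop; path=/; samesite=none; secure; httponly",
];
for (const h of SAMPLES) console.log(thirdPartyVerdict(h).usable, "<-", h);
```

The first sample corresponds to the original `cookieOptions` (no `sameSite`), the third to the options suggested in the answer.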