SessionId not stored in Web browser

Using Django Mystery Errors
1

Hi,
I’ve developed an e-commerce website with Django REST Framework (DRF) as the backend and React as the frontend. Everything was functioning perfectly in my local environment. However, after deploying the application on Render, I’m encountering an issue with session authentication.

Specifically, the web browser is not saving the session ID in cookies after login or registration. I have already set CORS_ALLOWED_ORIGINS to include my domain name, but the problem persists.

Is there something missing in my settings.py configuration?

settings.py

"""
Django settings for bookstore project.

Generated by 'django-admin startproject' using Django 5.0.4.

For more information on this file, see
https://docs.djangoproject.com/en/5.0/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/5.0/ref/settings/
"""

from pathlib import Path
import os
import dj_database_url
from decouple import config

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY =os.environ.get("SECRET_KEY")

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = ["e-commerce-8io3.onrender.com"]

ALLOWED_HOSTS_DEPLOY = ["e-commerce-8io3.onrender.com"]


# Application definition

INSTALLED_APPS = [
    "app",
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "rest_framework",
    "corsheaders",
    "whitenoise",
]
MIDDLEWARE = [
    "corsheaders.middleware.CorsMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
]

ROOT_URLCONF = "bookstore.urls"

TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
            ],
        },
    },
]

WSGI_APPLICATION = "bookstore.wsgi.application"


# Database
# https://docs.djangoproject.com/en/5.0/ref/settings/#databases

# DATABASES = {
#     "default": {
#         "ENGINE": "django.db.backends.postgresql_psycopg2",
#         "NAME": "bookstore",
#         "USER": "postgres",
#         "PASSWORD": "root",
#         "HOST": "localhost",
#         "PORT": "5432",
#     }
# }

DATABASES = {"default": dj_database_url.config(os.environ.get(DATABASE_URL)}

REST_FRAMEWORK = {
    "DEFAULT_PERMISSIONS_CLASSES": {
        "rest_framework.permissions.IsAuthenticated",
    },
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework.authentication.SessionAuthentication",
    ),
}

# Password validation
# https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
]


# Internationalization
# https://docs.djangoproject.com/en/5.0/topics/i18n/

LANGUAGE_CODE = "en-us"

TIME_ZONE = "UTC"

USE_I18N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/5.0/howto/static-files/

STATIC_URL = "/static/"
MEDIA_URL = "/images/"
MEDIA_ROOT = os.path.join(BASE_DIR, "images")

STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]

# Default primary key field type
# https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
CORS_ALLOWED_ORIGINS = [
    "https://e-commerce-1-2ptc.onrender.com",
]
CSRF_TRUSTED_ORIGINS = [
 
    "https://e-commerce-1-2ptc.onrender.com",
]


CORS_ORIGIN_WHITELIST = [
    "127.0.0.1:8000",
  
    "e-commerce-1-2ptc.onrender.com",  # Add the origin of your React app
]
CORS_ORIGIN_ALLOW_ALL = True

CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_ALL_ORIGINS = True
2

First thing to check is to verify that you are receiving the cookie from the server. Look at your responses in the browser’s developer tools to see if the cookie is in the response, and if it’s identified and created properly.

Also, this appears to be an issue faced by others as well. You might want to see CSRF Cookie is not set with react frontend and
Cookies are not being stored in the browser. Django Backend and react frontend. among others. (Search for react cookie for more threads on this subject.)

3

Ekran görüntüsü 2024-06-21 112521
Ekran görüntüsü 2024-06-21 1125211918×667 59.8 KB

when I user is authenticated ,the server is sending sessionID and csrftoken back , but when I refresh the page they go away