Missing authentication token in cookies

[Leo506]

How are you running Flagsmith

• Self Hosted with Docker
• Self Hosted with Kubernetes
• SaaS at flagsmith.com
• Some other way (add details in description below)

Describe the bug

I have deployed Flagsmith on my server. After logging in, if I refresh the page, I am redirected to the login page. But in my localhost setup it works fine.
After some research I found that Flagsmith on my server has no auth token in cookies.

Steps To Reproduce

1. Login
2. Click refresh in browser

Expected behavior

Stay on page

Screenshots

Before refresh:

After refresh:

On localhost:

[matthewelwell]

Hi @Leo506 can you please provide a bit more information about your setup because that certainly shouldn't be the case.

Please provide the version of Flagsmith that you are running, and how you have deployed it (k8s, docker compose, etc.). Please provide the image(s) and tags for all the images you have deployed.

This issue might be related to this, but as I understand it, using JWT authentication requires additional configuration, and should still store the JWT in a cookie.

My suspicion here is that this could be related to the lack of TLS authentication being set up on your server. Are you able to also confirm please whether you are access Flagsmith via http or https?

[Leo506]

Hi @matthewelwell. I use docker compose file to run Flagsmith. Here my compose file:

volumes:
  pgdata:

services:
  postgres:
    image: postgres:15.5-alpine
    environment:
      POSTGRES_PASSWORD: my-password
      POSTGRES_DB: flagsmith
    container_name: flagsmith_postgres
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -d flagsmith -U postgres']
      interval: 2s
      timeout: 2s
      retries: 20
      start_period: 20s

  flagsmith:
    image: flagsmith.docker.scarf.sh/flagsmith/flagsmith:latest
    environment:
      DATABASE_URL: postgresql://postgres:my-password@postgres:5432/flagsmith
      USE_POSTGRES_FOR_ANALYTICS: 'true' # Store API and Flag Analytics data in Postgres

      ENVIRONMENT: production
      DJANGO_ALLOWED_HOSTS: '*'
      ALLOW_ADMIN_INITIATION_VIA_CLI: 'false'
      FLAGSMITH_DOMAIN: 192.168.1.101:9500
      DJANGO_SECRET_KEY: some-secret-key
      ENABLE_ADMIN_ACCESS_USER_PASS: 'true'
      PREVENT_SIGNUP: 'true'
      ALLOW_REGISTRATION_WITHOUT_INVITE: 'true'

      TASK_RUN_METHOD: TASK_PROCESSOR

      EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
      EMAIL_HOST: smtp.gmail.com
      SENDER_EMAIL: my-email
      EMAIL_HOST_USER: my-email
      EMAIL_HOST_PASSWORD: password
      EMAIL_PORT: 465
    ports:
      - 9500:8000
    healthcheck:
      test: ['CMD-SHELL', 'python /app/scripts/healthcheck.py']
      interval: 2s
      timeout: 2s
      retries: 20
      start_period: 20s
    depends_on:
      postgres:
        condition: service_healthy

  flagsmith_processor:
    image: flagsmith.docker.scarf.sh/flagsmith/flagsmith:latest
    environment:
      DATABASE_URL: postgresql://postgres:my-password@postgres:5432/flagsmith
      USE_POSTGRES_FOR_ANALYTICS: 'true'
    depends_on:
      flagsmith:
        condition: service_healthy
    command: run-task-processor

I get access to Flagsmith via http.
Flagsmith 2.157.1