Hello team I am new to Ory and currently investigating how d Ory Community #

Hello team! I am new to Ory and currently investi...

elegant-potato-3021

06/26/2025, 9:24 AM

Hello team! I am new to Ory and currently investigating how does it work and trying to figure out functionality. I started with Ory Quickstart for next.js application and it worked like a charm locally. Next, I tried to deploy it on Vercel and where I got stuck 😅 When I go to the

with my vercel domain I got:

Copy code

GET <https://eager-franklin-3vbqv90l3p.projects.oryapis.com/sessions/whoami> 401 (Unauthorized)

so, request to whoIam returns 401 and after that I was redirected to welcome page

<https://eager-franklin-3vbqv90l3p.projects.oryapis.com/ui/welcome>

where my session is presented (because I logged in previously). For some reason, on my vercel domain, it can't find the cookie session and redirect to the welcome page (in ory console it's a default path as far as I remember). Previously I had an issue with CORS and I fixed it with this: https://www.ory.sh/docs/guides/cors#enable-cors I think, the issue is a configuration in ory console, But I couldn't figure it out 😓 If I logged out from welcome page and go again to vercel domain, I will be redirected to

<https://eager-franklin-3vbqv90l3p.projects.oryapis.com/ui/login?flow=2175c2df-d424-4497-aba1-bbed122aa473>

after successful signing in, i saw for a moment my vercel domain home page with null sessions and was redirected again to welcome page, because whoami retured 401 any ideas? 🙂 The code is the same as in quickstart:

Copy code

useEffect(() => {
    // Check if the user is authenticated
    const checkSession = async () => {
      try {
        // Browser automatically includes cookies in the request
        const session = await ory.toSession()
        setSession(session)

        // Get the logout URL once we have a session
        try {
          const { logout_url } = await ory.createBrowserLogoutFlow()
          setLogoutUrl(logout_url)
        } catch (logoutError) {
          console.error("Error creating logout flow:", logoutError)
        }
      } catch (error) {
         console.error("Error ory.toSession()", error)
        // No valid session found, redirect to Ory login
        window.location.href = `${basePath}/ui/login`
      }
    }

    checkSession()
  }, [])

elegant-potato-3021

06/26/2025, 7:33 PM

for the context:

Copy code

import { FrontendApi, Configuration, Session } from "@ory/client-fetch"

const basePath = process.env.NEXT_PUBLIC_ORY_SDK_URL || "<https://eager-franklin-3vbqv90l3p.projects.oryapis.com>"

const ory = new FrontendApi(
  new Configuration({
    basePath,
    credentials: "include",
  }),
)

elegant-potato-3021

06/26/2025, 7:43 PM

~~looks like it's still CORS issue as I finally noticed:~~

Copy code

Referrer Policy
strict-origin-when-cross-origin

ah, probably unrealted

elegant-potato-3021

06/27/2025, 12:25 PM

After multiple evenings, I finally fixed it. The issue with this docs is that it doesn't cover fully the config for cors. The command

Copy code

ory get identity-config ...

returns

Copy code

session:
  cookie:
    domain: <http://eager-franklin-3vbqv90l3p.projects.oryapis.com|eager-franklin-3vbqv90l3p.projects.oryapis.com>
    name: ory_session_eagerfranklin3vbqv90l3p
    path: /
    persistent: false
    same_site: Lax

where same_site=Lax causes the issue for cross domain interactions.

same_site=None

fixes it

2 Views

Open in Slack