I'm implementing a simple project using Ktor backend server and KMP Wasm. I am implementing the Google login feature. Google login was successful and saved the session information after authentication. I checked the browser developer tools and saw that the session information was saved in a cookie. However, when I send an API request from the KMP Wasm client to the backend, the cookie information is not passed through. Because of this, the server side is returning a 401 error with invalid session information. The backend server is running on localhost:8080 and the frontend is running on localhost:8081 on the same machine. I've asked GPT, Gemini, and set it up roughly as follows, but it still doesn't work. Here are the server-side CORS settings

internal fun Application.configureSession() {
    install(Sessions) {
        cookie<UserSession>("USER_SESSION") {
            cookie.extensions["SameSite"] = "None"
            cookie.secure = true
        }
    }
    install(CORS) {
        allowCredentials = true
        allowSameOrigin = true

        anyHost()
        anyMethod()
        allowHeader(HttpHeaders.ContentType)
        allowHeader(HttpHeaders.Authorization)
        allowHeader(HttpHeaders.AccessControlAllowOrigin)
    }
}

Here are the client-side s ettings

actual val client: HttpClient = HttpClient(Js) {
    engine {

    }
    install(DefaultRequest) {
        headers {
            append(HttpHeaders.ContentType, ContentType.Application.Json)
        }
    }
    install(ContentNegotiation) {
        json(json = Json {
            isLenient = true
            ignoreUnknownKeys = true
        })
    }
    install(Logging)
    install(HttpCookies)
}

And below code is handling the google oauth in Ktor Server side:

authenticate(GOOGLE_AUTH) {
    get("/login") { }

    get("/callback") {
        val tokenResponse = call.principal<OAuthAccessTokenResponse.OAuth2>()
        if (tokenResponse == null) {
            call.respondRedirect("/")
            return@get
        }

        val state = tokenResponse.state
        if (state.isNullOrBlank()) {
            call.respondRedirect("/")
            return@get
        }

        val token = tokenResponse.accessToken
        val me = signInService.signIn(token)

        call.sessions.set(UserSession(me.id)) // the session is saved and I can check it in my browser developer tool
        println("[test] callback - session is saved: $me")
        call.respondRedirect("/")
    }
}

Somebody help me please?!

I've left a comment on https://stackoverflow.com/questions/79631409/ktor-server-with-kmp-frontend-cookie-not-sent. Can you tell me if the workaround solved your problem?

Thanks for the help! I tried the workaround. But when I put the js(“...”) into my KMP Wasm, it doesn't compile.

Calls to 'js(code)' should be a single expression inside a top-level function body or a property initializer in Kotlin/Wasm

I looked it up, but... I didn't find a good solution. We'll have to wait for Ktor 3.2.0 and see... I'm going to deploy it to a production server and try to match the domain.

Also, you can redefine the

fetch

function from the JS code.