node.js - Redirect to a URL fragment resets session on Chrome (Node/React/React-Router) -

i have app using node on backend , react (with hash history) on front end.

this means api endpoint urls like:
https://example.com/api/login

and react endpoints fragments root:
https://example.com/#/somepage

after logging user in (through oauth2) want redirect user specific url fragment within react spa.

my first thought doing have server redirect me url fragment.

my route handler looks like:

app.get('/oauthcallback', (req, res) => {     req.session.token = 'some token'     redirect('/#/someloggedinpage') } 

in safari works fine , further api requests made spa have share same req.session , therefore have token , can make authenticated downstream requests.

however, in chrome, upon redirection next api request causes creation of new session, losing token , preventing authenticated requests succeeding.

everything works fine when redirect api endpoint (not in spa).

it not work if redirect /, root of spa.

i'm wondering if there don't know how chrome handles url fragments , sessions.

so after 3 days of misery i've worked out.

turns out not chrome exhibiting incorrect behaviour, safari.

the library using making xhr requests not send cookies server client request unless include option: credentials: 'same-origin.

for example:

fetch(endpoint, { method, headers, credentials: 'same-origin' })     .then(res => {         //     }); 

looks safari sending them anyway, causes confusion. someone.