When running the Users starter project in production mode, you can't reach the Admin UI. You keep getting prompted to login.
yarn create keystone-app. Select the Users starter.yarn build && yarn start.Should end up in the admin UI as in dev mode. Trying to navigate to localhost:3000/admin still sends you to the login page.
@jesstelford I've verified this bug and I do not understand why it only happens on a production build. I suspect you might have better intuition on how to track this down?
Since we don't know the cause this might be happening for other projects\templates too so I think this is high-priority.
Confirmed this is effecting other projects. This could mean login is not working in prod @timleslie @jesstelford don't do any releases. Also we should add a test for a prod build login.
The problem here is related to secure cookies
A secure cookie is only sent to the server with an encrypted request over the HTTPS protocol.
By default, Keystone will use secure cookies in production, with the assumption that you will be running over HTTPS.
secureCookies = process.env.NODE_ENV === 'production', // Default to true in production
The workaround if you don't want to/can't run HTTPS in production mode is to explicitly turn of secure cookies:
const keystone = new Keystone({
name: PROJECT_NAME,
adapter: new Adapter(),
secureCookies: false,
});
@MadeByMike Could you work out where the best place is for this information to live in the documentation, because it's definitely going to catch everyone when they first try to run in "production".
@timleslie yep! Documenting this here is a good start. I'll add it to the docs as well.
@timleslie Actually I have the same issue, i'm using heroku and https is enabled. I don't know if it's a limitation of cookies with regard to heroku domains or node app.

It seems it's related to this question; https://stackoverflow.com/questions/14463972/how-to-set-secure-cookie-using-heroku-node-js-express
So I guess we need to update this file, maybe we can pass an optional parameter on initiating Keystone. https://github.com/keystonejs/keystone/blob/master/packages/session/lib/session.js#L54
There's some info related to this in my write up on Secure Cookies and Reverse Proxies.
Most helpful comment
The problem here is related to secure cookies
By default, Keystone will use secure cookies in production, with the assumption that you will be running over HTTPS.
The workaround if you don't want to/can't run HTTPS in production mode is to explicitly turn of secure cookies:
@MadeByMike Could you work out where the best place is for this information to live in the documentation, because it's definitely going to catch everyone when they first try to run in "production".