I have a Django app hosted on Google Cloud Run that upon logging in, sets a sessionid and csrftoken in the browser cookies. In my frontend Next app, which I am currently running locally, I redirect to an authenticated page after successful login. However, the cookies are not being set correctly after the redirect, they are empty. After making the login call I can see the cookies in the Application DevTools console, but when I refresh or redirect they are empty. It works when running my Django app locally, but not when it is hosted on Cloud Run.

These are my cookie settings in my Django settings.py:

SESSION_COOKIE_SAMESITE = 'None'
CSRF_COOKIE_SAMESITE = 'None'

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True   

CSRF_COOKIE_HTTPONLY = False

CORS_ALLOW_CREDENTIALS = True

My CORS_ALLOWED_ORIGINS and CSRF_TRUSTED_ORIGINS includes my local Next app: http://localhost:3000.

I had this working and I am not sure what changed and it is suddenly not. Any help with this would be greatly appreciated!