I have an ASP.net application that uses a cookie to store the user-selected language. Everything works fine except when I'm on localhost. Replacing localhost with 127.0.0.1 makes it work again... why?
I saw intended restrictions to file:// but I can't actually find any reference to intended restriction to localhost.
What I can't really understand is why the ASP.net Session (ASP.NET_SessionId) and ASP.net Forms Authentication Cookies (.FSAUTHSSO) are correctly set for the localhost domain but my cookies aren't... why?!
I already googled a lot and nothing works:
So what does matter? :)
And why can the ASP.net cookies be set and mine can't? What's the difference?
Last thing just to mention that this also happens on IE but works fine on FF.
Thanks!
Alex
Check whether the OPTIONS response header ACCESS-CONTROL-ALLOW-CREDENTIALS is set to true. If the server doesn't allow credentials being sent along, the browser will just not attach cookies and authorization headers. So this could be another reason why the cookies are missing in the POST cross-site request.
Secure cookies are set only on HTTPS, but not on http://localhost for all browsers.
What you can do is go to Chrome setting > Privacy and Settings > See all the cookies and site data, search for localhost and delete it. Then refresh your site and it will be working.
Cookies are designed for second level and down. First level domains will not work. Instead you should use the address http://127.0.0.1 (as you mentioned) or you could edit your hosts file to map a different URL with a TLD to the address 127.0.0.1 such as:
127.0.0.1 yoursite.tld
Just researched this further; found this answer: Cookies on localhost with explicit domain
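The explicit-domain problem described in the answer above, as an added example that is not part of the original thread: a server-side helper that emits a Domain attribute only for dotted host names and Secure only over HTTPS, so the same code sets a working host-only cookie on localhost and 127.0.0.1. The function names, the `lang` cookie and the HttpOnly/SameSite defaults are assumptions; `requestHost` is assumed to be the host name without a port.

```javascript
// Added example, not code from the thread. All names here are hypothetical.

// True for IPv4 literals and for IPv6 literals (which always contain ':').
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// Returns the Domain attribute value to emit, or null for a host-only cookie.
// A Domain is emitted only when the request host is a dotted name that equals
// the configured domain or is a subdomain of it.
function domainAttributeFor(requestHost, configuredDomain) {
  if (!configuredDomain) return null;
  const host = requestHost.toLowerCase().replace(/\.$/, "");
  const domain = configuredDomain.toLowerCase().replace(/^\./, "");
  // localhost, other single-label names and IP addresses: omit Domain so the
  // browser stores the cookie for exactly the host that set it.
  if (isIpLiteral(host) || !host.includes(".")) return null;
  if (host === domain || host.endsWith("." + domain)) return domain;
  return null; // a Domain that does not match the request host is rejected
}

// Builds the Set-Cookie header value for one cookie.
function buildSetCookie({ name, value, requestHost, isHttps, configuredDomain }) {
  const parts = [
    `${name}=${encodeURIComponent(value)}`,
    "Path=/",
    "HttpOnly",      // assumed default: the value is only read server-side
    "SameSite=Lax",  // assumed default
  ];
  const domain = domainAttributeFor(requestHost, configuredDomain);
  if (domain) parts.push(`Domain=${domain}`);
  // Secure cookies are only set over HTTPS, so do not mark them Secure on
  // plain http://localhost.
  if (isHttps) parts.push("Secure");
  return parts.join("; ");
}

// Constructed sample requests: local development and a hosts-file mapping.
console.log(buildSetCookie({ name: "lang", value: "pt-PT",
  requestHost: "localhost", isHttps: false, configuredDomain: "localhost" }));
console.log(buildSetCookie({ name: "lang", value: "pt-PT",
  requestHost: "app.yoursite.tld", isHttps: true, configuredDomain: ".yoursite.tld" }));
```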