My Laravel session cookie doesn't get set in a browser even though the server response contains the right Set-Cookie
header. The Laravel server is running at localhost:8000, and the client application is a NuxtJS SPA running at localhost:7000.
The response header containing Set-Cookie
is as follows:
HTTP/1.1 200 OK
Host: localhost:8000
Date: Sun, 06 Sep 2020 00:50:31 GMT
Connection: close
X-Powered-By: PHP/7.4.10
Cache-Control: no-cache, private
Date: Sun, 06 Sep 2020 00:50:31 GMT
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization, Access-Control-Request-Headers, Set-Cookie
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Set-Cookie: dv_session=ifhSq8WFD2Upltr5v2bzNBgaA5xx3KiDVuMWuBge; expires=Sun, 06-Sep-2020 02:50:31 GMT; Max-Age=7200; path=/
Making the same request through postman, the cookie is saved:
So, it seems like the browser is ignoring the 'Set-Cookie' header.
My session.php file is as follows:
<?php
return [
'driver' => env('SESSION_DRIVER', 'redis'),
'lifetime' => env('SESSION_LIFETIME', 120),
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path('framework/sessions'),
'connection' => env('SESSION_CONNECTION', null),
'table' => 'sessions',
'store' => env('SESSION_STORE', null),
'lottery' => [2, 100],
'cookie' => 'dv_session',
'path' => '/',
'domain' => "",
'secure' => false,
'http_only' => false,
];
Why is the cookie getting saved in Postman, but being ignored by browsers?
Creating a CookieCookie can be created by global cookie helper of Laravel. It is an instance of Symfony\Component\HttpFoundation\Cookie. The cookie can be attached to the response using the withCookie() method. Create a response instance of Illuminate\Http\Response class to call the withCookie() method.
There is no other information stored in the session cookie. Session cookies are set on a device's temporary memory when a browser session starts.
Forum Check if cookie exists and is not null Last updated 3 months ago. You can get cookies from request: $value = Request::cookie('name', $defaultValue); if (Request::hasCookie('phone')) { ... }
Your problem runs in chrome and safari. Firefox will work with you. The problem is that chrome is not allowing cookies from http domains, which is your localhost. It's one of their latest releases.
You should be fine in production since you are going to have an https certificate there. But for development you can use firefox.
Another work-around is in the session.php
to set the 'secure' field to false.
'secure' => env('SESSION_SECURE_COOKIE', false)
This used to do the trick at first but i personally decided to move to firefox cause that trick stopped working and had to "hack my way" around this issue so it was easier to just change browser for development.
I had similar problem with REST api. With postman I was able to see cookie with httpOnly flag, but in browser nothing.
My solution was to correctly set withCredentials option for request. Here is link for more detailed discussion: Set-Cookie on Browser with Ajax Request via CORS
And change in laravel variable supports_credentials to true in file config/cors.php
In my case, I had the domain set incorrectly in config/session.php
'domain' => env('SESSION_DOMAIN', env('APP_URL')),
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With