I have implemented an OAuth2 client. In the first step I send the user to the relevant third party (Facebook for this example), set them a state cookie, and when they return from Facebook I validate that state cookie.
In Chrome, everything is great. When I send the user to the redirect URL, I can see (using Inspect Element) that they have the state cookie I set.
However, when I try on (desktop) Safari on the latest macOS, I don't see that cookie.
I set the cookie in the response for my redirect request:
res.cookie('state', state.toString(), {
  maxAge: 3600000, // one hour, in milliseconds
  secure: true,    // only sent over HTTPS
  httpOnly: true,  // not readable by page scripts
});
res.redirect(someRedirectUri);
How can I get those cookies to be saved on Safari as well? Am I just setting the cookies wrong?
According to this blog post: http://blog.dubbelboer.com/2012/11/25/302-cookie.html all major browsers, IE (6, 7, 8, 9, 10), FF (17), Safari (6.0.2), Opera (12.11), both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects.
I think you've found a known WebKit issue.
So Safari is ignoring the Set-Cookie header when encountering the 302 HTTP status.