After logging in I am setting some cookies, which works in FF, Chrome, Edge etc. However, for some reason, Samsung Internet Browser seems to be ignoring my cookies.
I've got cookies enabled, and it is accepting cookies from other sites, but I can't figure out why it won't accept them. I've got this capture from my server:
```
HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: token=e1c137y8WEZItXVWExXBWRyQl9mxgxEvEMG++F6pzwart%2FAO0lTSA3tL48oeHclD%2FLQMdXWhgXvefpGR3QGMqwMe8cg%3D; HttpOnly; SameSite=Strict; Path=/; Expires=Wed, 08 May 2019 07:03:43 GMT
Set-Cookie: email=%2FwGLVu+6Yv5fYpSyZwRE8TIi0MlZZ6WaN+OaKusCF6pEyQjomquJmWwqSgrcHg2dcBeMBU%2Foeg%3D%3D; HttpOnly; SameSite=Strict; Path=/; Expires=Wed, 08 May 2019 07:03:43 GMT
Set-Cookie: testing=TESTETSETESET; HttpOnly
Server: Rocket
Content-Length: 56
Date: Wed, 01 May 2019 07:03:43 GMT

{ ... }
```
I've tried changing the HttpOnly, SameSite, Secure and domain settings, but so far nothing.
Any ideas?
Samsung Internet version 9.2.00.70
Edit:
It seems like maybe it's because the cookies are being set from an Ajax query. I changed it to be a response from a normal form POST, and it seems to have worked. More digging...
Yes, you can set a cookie in the AJAX request in the server-side code just as you'd do for a normal request, since the server cannot differentiate between a normal request and an AJAX request.
Check whether the OPTIONS response header Access-Control-Allow-Credentials is set to true. If the server doesn't allow credentials being sent along, the browser will just not attach cookies and authorization headers. So this could be another reason why the cookies are missing in the POST cross-site request.
Basically, an Ajax request, as well as a synchronous request, sends your document cookies automatically.
Turns out it was due to my Ajax request. Once I added credentials: "same-origin" to the request, it works as expected.
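
The fix above, generalised into a wrapper that always sets the fetch `credentials` mode explicitly and also covers the cross-origin case from the earlier answer. This is an added example, not code from the original posts; `credentialsFor`, `modeAllowsCookies`, `apiFetch`, `TRUSTED_ORIGINS` and the `example.test` origins are hypothetical names.

```javascript
// Added example. All names and the example.test origins are assumptions.

// Cross-origin APIs that are allowed to receive this site's cookies.
const TRUSTED_ORIGINS = new Set(["https://api.example.test"]);

const originOf = (url, pageOrigin) => new URL(url, pageOrigin).origin;

// Pick an explicit credentials mode instead of relying on the browser
// default, which was "omit" in older fetch implementations and is
// "same-origin" in the current Fetch specification.
function credentialsFor(requestUrl, pageOrigin) {
  const target = originOf(requestUrl, pageOrigin);
  if (target === new URL(pageOrigin).origin) return "same-origin";
  // Cross-origin: send cookies only to allowlisted origins. The server must
  // also answer with Access-Control-Allow-Credentials: true.
  return TRUSTED_ORIGINS.has(target) ? "include" : "omit";
}

// Does the credentials mode permit cookies at all? With "omit" the browser
// neither sends cookies nor stores Set-Cookie from the response, which is
// the symptom in the question. A true result is necessary, not sufficient:
// CORS, SameSite and third-party cookie rules still apply.
function modeAllowsCookies(mode, requestUrl, pageOrigin) {
  if (mode === "omit") return false;
  if (mode === "same-origin") {
    return originOf(requestUrl, pageOrigin) === new URL(pageOrigin).origin;
  }
  return mode === "include";
}

// Drop-in wrapper: the computed mode overrides whatever the caller passed,
// so a call site can neither forget the option nor widen it.
function apiFetch(requestUrl, init = {}, pageOrigin = globalThis.location?.origin,
                  fetchImpl = globalThis.fetch) {
  const credentials = credentialsFor(requestUrl, pageOrigin);
  return fetchImpl(new URL(requestUrl, pageOrigin).href, { ...init, credentials });
}
```

In a page, `apiFetch("/login", { method: "POST", body })` is enough; the last two parameters exist so the wrapper can be exercised outside a browser.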