Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sending browser cookies during a 302 redirect

Tags:

http

cookies

http-status-code-302

Are there any issues with sending back a cookie during a 302 redirect? For example, if I create a return-to-url cookie and redirect the user in the same response will any (modern) browser ignore the cookie?

like image 835
Abdullah Jibaly Avatar asked Jan 14 '11 17:01

Abdullah Jibaly

People also ask

Can you set cookies on a redirect?

2), Opera (12.11) both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects. The SameSite attribute of a cookie specifies whether the cookie should be restricted to a first-party or same-site context.

How does Google handle 302 redirects?

When you choose this type of redirect, the original page remains indexed in Google and no value (link equity) is transferred to the new URL because Google knows this is just temporary. Thus, you'll retain any rankings, traffic value, and authority that page might have.

Does browser automatically redirect 302?

Does a 302 automatically redirect? Yes. Since the browser is handling the communication between the server and you, it will automatically redirect to the new resource location. However, the same communication will occur with the new resource, too.

Does 302 get cached?

Even if you remove the redirection from the server, your browser continuously redirects the resources to the new domain or HTTPS, because of the hard cache. So the 302 is not hard cached by the browser and you have the ability to access the old version if you remove the redirection from your server (website).

1 Answers

According to this blog post: http://blog.dubbelboer.com/2012/11/25/302-cookie.html all major browsers, IE (6, 7, 8, 9, 10), FF (17), Safari (6.0.2), Opera (12.11) both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects.

As @Benni noted :

https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies

The SameSite attribute of a cookie specifies whether the cookie should be restricted to a first-party or same-site context. Several values of SameSite are allowed:

  • A cookie with "SameSite=Strict" will only be sent with a same-site request.
  • A cookie with "SameSite=Lax" will be sent with a same-site request, or a cross-site top-level navigation with a "safe" HTTP method.
  • A cookie with "SameSite=None" will be sent with both same-site and cross-site requests.
like image 83
gavenkoa Avatar answered Sep 16 '22 18:09

gavenkoa
Sign in to Comment

Related questions

$http get parameters does not work
Is it safe to put a jwt into the url as a query parameter of a GET request?
Convention for HTTP response header to notify clients of deprecated API
REST - HTTP Post Multipart with JSON
JMeter: How to send request with content type header?
How to get data out of a Node.js http get request
HTTP get with headers using RestTemplate
Returning http 200 OK with error within response body
How to detect server-side whether cookies are disabled
Http status code with libcurl?
Dealing with HTTP content in HTTPS pages
URI starting with two slashes ... how do they behave?
POST request with a simple string in body with Alamofire
Read response headers from API response - Angular 5 + TypeScript
HTTP vs TCP/IP, send data to a web server
Is putting your favicon.ico file in a non-root path a bad idea?
What is the correct HTTP status code to send when a site is down for maintenance?
http keep-alive in the modern age
Correctly doing redirect_to :back in Ruby on Rails when referrer is not available
Detecting a redirect in ajax request?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!