
Sending browser cookies during a 302 redirect

Are there any issues with sending back a cookie during a 302 redirect? For example, if I create a return-to-url cookie and redirect the user in the same response, will any (modern) browser ignore the cookie?

Abdullah Jibaly asked Jan 14 '11 17:01




1 Answer

According to this blog post: http://blog.dubbelboer.com/2012/11/25/302-cookie.html all major browsers, IE (6, 7, 8, 9, 10), FF (17), Safari (6.0.2), Opera (12.11) both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects.

As @Benni noted:

https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies

The SameSite attribute of a cookie specifies whether the cookie should be restricted to a first-party or same-site context. Several values of SameSite are allowed:

  • A cookie with "SameSite=Strict" will only be sent with a same-site request.
  • A cookie with "SameSite=Lax" will be sent with a same-site request, or a cross-site top-level navigation with a "safe" HTTP method.
  • A cookie with "SameSite=None" will be sent with both same-site and cross-site requests.
gavenkoa answered Sep 16 '22 18:09
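An added example, not part of the original question or answer: it builds a 302 response that sets a return-to-url cookie and then applies the three SameSite rules quoted above to later requests, showing that the attribute decides when the stored cookie is sent back. The function names, the `return_to` cookie name and the sample requests are hypothetical, and a cookie without a SameSite attribute is assumed to be treated as Lax.

```javascript
// Added example; all names and sample requests here are constructed.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Build a 302 response that also sets a short-lived return-to-url cookie.
function buildRedirect(location, returnTo, sameSite) {
  const cookie = [
    `return_to=${encodeURIComponent(returnTo)}`,
    'Path=/',
    'HttpOnly',
    'Secure', // browsers require Secure when SameSite=None
    `SameSite=${sameSite}`,
    'Max-Age=300',
  ].join('; ');
  return { status: 302, headers: { Location: location, 'Set-Cookie': cookie } };
}

// Extract the SameSite mode from a Set-Cookie header value.
function parseSameSite(setCookie) {
  for (const attr of setCookie.split(';').slice(1)) {
    const [name, value = ''] = attr.trim().split('=');
    if (name.toLowerCase() !== 'samesite') continue;
    const v = value.toLowerCase();
    if (v === 'strict') return 'Strict';
    if (v === 'none') return 'None';
    return 'Lax';
  }
  return 'Lax'; // assumption: absent attribute is treated as Lax
}

// Apply the three SameSite rules to one later request.
function cookieIsSent(setCookie, req) {
  const mode = parseSameSite(setCookie);
  if (req.sameSite || mode === 'None') return true;
  if (mode === 'Lax') {
    return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
  }
  return false; // Strict: same-site requests only
}

// Constructed request contexts for the follow-up traffic.
const REQUESTS = {
  followRedirect: { sameSite: true, topLevelNavigation: true, method: 'GET' },
  returnFromOtherSite: { sameSite: false, topLevelNavigation: true, method: 'GET' },
  crossSitePost: { sameSite: false, topLevelNavigation: true, method: 'POST' },
};
```

With `SameSite=Strict` the cookie reaches the same-site redirect target but is withheld when the user later arrives through a link or redirect from another site, so a return-to-url flow that passes through a third-party login page needs `Lax`.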