Sending cookie session id with Swagger 3.0

Question

It is said that "To define cookie authentication, use API keys instead." in the official documentation

https://swagger.io/docs/specification/describing-parameters/#cookie-parameters

The fact is we tried with

components:
  securitySchemes:
    cookieAuth:         
      type: apiKey
      in: cookie
      name: sessionId
...
    security:
      - cookieAuth: []

Using the above code, in Swagger UI we are able to click on the padlock to set the value of the sessionId. But when we execute the method, the value of the cookie is NULL and we don't see the cookie sent in the Headers (Chrome Developer tool)

I tried also to put that in cookie parameter like this:

parameters:
  - in: cookie
    name: sessionId   
    required: true
    schema:
      type: string 

But there again, same result (arrive null, and nothing in the debugger tool.

We use Swagger with openApi 3.0, other parameters, requestBody is working well, but not this cookie transmission.

Thx for anything that can have an idea.

Answer 1

Swagger UI and Swagger Editor currently do not support sending cookies in "try it out" requests:
https://github.com/swagger-api/swagger-js/issues/1163

As the developers explain, the issue is that it's almost impossible to send arbitrary cookie data to a different origin from within the browser.

SwaggerHub supports cookie auth and cookie parameters though. SwaggerHub sends "try it out" requests from its servers rather than from your browser, which makes it possible to send requests with a user-defined Cookie header.

Disclosure: I work for the company that makes SwaggerHub.