Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why does Chrome ignore Set-Cookie header?

Tags:

http

google-chrome

cookies

setcookie

Chrome has a long history of ignoring Set-Cookie header. Some of these reasons have been termed bugs and fixed, others are persistent. None of them are easy to find in documentation.

  • Set-Cookie not allowed in 302 redirects
  • Set-Cookie not allowed if host is localhost
  • Set-Cookie not allowed if Expires is out of acceptable range

I am currently struggling with getting chrome to accept a simple session cookie. Firefox and Safari seem to accept most any RFC compliant string for Set-Cookie. Chrome stubbornly refuses to acknowledge that a Set-Cookie directive was even sent on the request (does not show up in Developer Tools (Network)). curl looks fine.

So does anyone have either 1) modern best practices for cross-browser Set-Cookie formatting or 2) more information regarding what can cause Chrome to bork here?

Thanks.

like image 933
Andrew Johnson Avatar asked Mar 02 '18 08:03

Andrew Johnson

People also ask

Why is cookie not being set?

Check out the OPTIONS response header ACCESS-CONTROL-ALLOW-CREDENTIAL whether it is set to true . If the server doesn't allow credentials being sent along, the browser will just not attach cookies and authorization headers. So this could be another reason why the cookies are missing in the POST cross-site request.

What is the difference between set-cookie and cookie header?

The Set-Cookie header is sent by the server in response to an HTTP request, which is used to create a cookie on the user's system. The Cookie header is included by the client application with an HTTP request sent to a server, if there is a cookie that has a matching domain and path.

What do I do with cookie set header?

The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.

How do I view cookie headers in Chrome?

In the developer tab related to the cookie, you can view only the cookie related to the response. In order to understand which headers was sent during the request, you have to move under the network tab and then you can click over your request. Here you can now see the headers related to your request. Save this answer.

1 Answers

One thing that has bitten me and is not on your list: if you are trying to set a secure cookie through HTTP on localhost, Chrome will reject it because you are not using HTTPS.

This kind of makes sense, but is annoying for local development. (Firefox apparently makes an exception for this case and allow to set secure cookies over HTTP on localhost).

like image 175
LMB Avatar answered Sep 28 '22 07:09

LMB
Sign in to Comment

Related questions

How to create chrome crx file programmatically (preferably in java)?
CORS problems with Amazon S3 on the latest Chomium and Google Canary
Detecting if code is being run as a Chrome Extension
Why doesn't jQuery work in Chrome user scripts (Greasemonkey)? [duplicate]
Disable form validation in browser
Getting DNS_PROBE_FINISHED_BAD_CONFIG error [closed]
Chrome window.open after ajax request acts like popup
debug XHR in chrome browser
preventDefault() on keyup event not working
document.execCommand('copy') not working on Chrome
Visual Studio Code debugger with Chrome refused to connect to localhost
Websocket server in chrome packaged app
How to maintain Chrome "enable request blocking" after closing dev tools?
Firing Mouseout Event depends on Window Size
How to get selected text from PDF opened in Chrome Browser from an extension [closed]
JS global "let" variable not updating in function?
Why can't you create Custom Elements in content scripts?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!