set-cookie header not working

See that Secure string in the cookie?

Yeah, me too. But only after a few hours.

Make sure you're accessing your site by SSL (https:// at the beginning of the URL) if you've got the Secure flag set.

If you're developing locally and don't have a cert, make sure you skip that option.


Found a related GitHub issue, "response cookies not being sent", that helped.
In my case I am running a React app under https (with the mkcert tool), making a cross-origin fetch request and getting a response. The cookies of the response are not set until I:

  1. Specify credentials: 'include' for the fetch request (example: fetch API):

         fetch('https://example.com', {
           credentials: 'include'
         });

  2. Specify these response headers from the server:

         Access-Control-Allow-Credentials: true
         Access-Control-Allow-Origin: https://localhost:3000

     The Access-Control-Allow-Origin header has the value of the URL of my React app.

  3. Add these attributes to the Set-Cookie header: Path=/; HttpOnly; Secure; SameSite=None (using HTTP cookies)

Hope it helps someone!
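
The server side of the steps in the answer above, written in Go (the page's tag) as an added example that is not code from the answer or from any project. It returns the credentialed-CORS headers only for an allowlisted origin and sets the cookie with the listed attributes. The `login` handler, the cookie name and value, port 8443 and the `cert.pem`/`key.pem` file names are assumptions.

```go
package main

import (
	"log"
	"net/http"
)

// Assumed allowlist: the React dev origin named in the answer above.
var allowedOrigins = map[string]bool{"https://localhost:3000": true}

// withCredentialedCORS adds the credentialed-CORS response headers only for
// allowlisted origins. Browsers reject "*" for Access-Control-Allow-Origin
// when credentials are included, so the exact origin is echoed back.
func withCredentialedCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin") // keep caches from mixing origins
		if origin := r.Header.Get("Origin"); allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

// login is a hypothetical handler that sets a session cookie (constructed value).
func login(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{
		Name:     "session",
		Value:    "constructed-sample-value",
		Path:     "/",
		HttpOnly: true,                  // not readable from page scripts
		Secure:   true,                  // only stored and sent over https
		SameSite: http.SameSiteNoneMode, // cross-site fetch; requires Secure
	})
	w.WriteHeader(http.StatusNoContent)
}

// newServer wires the handler so main and tests share the same setup.
func newServer() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", login)
	return withCredentialedCORS(mux)
}

func main() {
	// cert.pem and key.pem are assumed file names for a local mkcert certificate.
	log.Fatal(http.ListenAndServeTLS(":8443", "cert.pem", "key.pem", newServer()))
}
```
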


In my case, I had to add this to my response:

access-control-expose-headers: Set-Cookie

I found here that my Set-Cookie header was not accessible to my client unless I added it to the exposed-header header. Hope this can help someone!

Tags: Cookies, Web, Go