set-cookie header not working
See that Secure string in the cookie?
Yeah, me too. But only after a few hours.
Make sure you're accessing your site by SSL (https:// at the beginning of the URL) if you've got the Secure flag set.
If you're developing locally and don't have a cert, make sure you skip that option.
Found a related GitHub issue, "response cookies not being sent", that helped.
In my case I am running a React app under https (with the mkcert tool), making a cross-origin fetch request and getting a response. The cookies of the response are not set until I
- specify credentials: 'include' for the fetch request (example: fetch api)

    fetch('https://example.com', {
      credentials: 'include'
    });

- specify these response headers from the server

    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Origin: https://localhost:3000

  The Access-Control-Allow-Origin header has the value of the URL of my React app.
- add these attributes to the Set-Cookie header

    Path=/; HttpOnly; Secure; SameSite=None

using http cookies
Hope it helps someone!
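
The checklist from the answer above as a small linter, added here as an example and not code from any of the posts. `parseSetCookie`, `diagnoseCookie` and the input object shape are hypothetical names; it assumes a cross-site request as in the answer and does not model the localhost exceptions some browsers make for Secure cookies.

```javascript
// Added example: lint a cross-site fetch and its response against the checklist.
// parseSetCookie / diagnoseCookie and the input shape are hypothetical names.
function parseSetCookie(value) {
  const [pair, ...attrs] = value.split(';').map((s) => s.trim());
  const out = { name: pair.split('=')[0], attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    out.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return out;
}

function diagnoseCookie({ pageOrigin, requestUrl, credentials, headers }) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const problems = [];
  if (credentials !== 'include')
    problems.push("fetch: credentials is not 'include'");
  if (h['access-control-allow-credentials'] !== 'true')
    problems.push('CORS: Access-Control-Allow-Credentials is not true');
  const acao = h['access-control-allow-origin'];
  if (acao === '*')
    problems.push('CORS: wildcard origin is rejected for credentialed requests');
  else if (acao !== pageOrigin)
    problems.push('CORS: Access-Control-Allow-Origin does not match the page origin');
  if (!h['set-cookie']) return problems.concat('response: no Set-Cookie header');
  const { attrs } = parseSetCookie(h['set-cookie']);
  const https = new URL(requestUrl).protocol === 'https:';
  if (attrs.secure && !https)
    problems.push('cookie: Secure is set but the request is not https');
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite !== 'none')
    problems.push('cookie: SameSite is not None on a cross-site request');
  else if (!attrs.secure)
    problems.push('cookie: SameSite=None requires Secure');
  return problems;
}

// Constructed sample: the working setup described in the answer.
const good = {
  pageOrigin: 'https://localhost:3000', requestUrl: 'https://example.com', credentials: 'include',
  headers: { 'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Origin': 'https://localhost:3000',
    'Set-Cookie': 'sid=abc123; Path=/; HttpOnly; Secure; SameSite=None' } };
console.log(diagnoseCookie(good)); // empty list: nothing to fix
```
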
In my case, I had to add this to my response:
access-control-expose-headers: Set-Cookie
I found here that my Set-Cookie header was not accessible to my client unless I added it to the exposed-header header. Hope this can help someone!