0

So I followed the steps outlined on the AWS blog here. (Note: I also used this method without the domain parameter; same result.)

Here is the issue: I see the cookie like so in my Chrome browser under Developer Tools > Network


So gateway is sending the settings back and it is being understood by the browser, but when I look at the actual cookie storage I don't see the cookie. Just other ad cookies.


Here is the Set-Cookie Header that I am sending.


Any ideas why the cookie is not actually being set and is not persistent?

wmfrancia
  • Have you tried a different browser? – Lorenzo d Nov 01 '16 at 22:01
  • How are you executing the API? The cookie may not be added because of cross domain policies/browser ajax restrictions. – adamkonrad Nov 01 '16 at 23:01
  • @kixorz There is a cross domain policy on the request since the cookie is being set via ajax request. That request is to fetch data from my DB and the Set-Cookie is being added to the response and the first part is working so I assume that indicates the Cross Origin is working and should work for the Cookie as well. – wmfrancia Nov 02 '16 at 13:37
  • @lorenzodelara Whether it works in another browser or not still won't solve the issue as it needs to work in Chrome for my purposes. – wmfrancia Nov 02 '16 at 13:38

1 Answer

-1

I'd recommend abandoning usage of the Set-Cookie header in your asynchronous requests because of inconsistent browser cross-domain policies. Instead you can set the cookie in client-side JavaScript after receiving the response as a temporary measure.

You can consider migrating the logic to send the data in the request body as a JSON payload.

adamkonrad
  • Would a cookie set that way allow for the cookie to be persistent (stays even after browser closes)? – wmfrancia Nov 02 '16 at 19:26
  • Yes, it's a regular cookie. – adamkonrad Nov 02 '16 at 19:26
  • Okay I will try that route and see. – wmfrancia Nov 02 '16 at 19:37
  • This should be avoided in future, in particular if the user comes from an ad campaign. In some browsers the cookies set via JavaScript will be deleted after 24h. In future probably only HttpOnly cookies set from server will be safe from that inclusion. Search for Safari ITP 2.3 Regulations. Here is a good article: https://mightyhive.com/news-ideas/safari-itp-2-3 I am also working on this problem right now, will post an answer if I find it – Björn Grambow Jan 11 '21 at 11:13
  • Good info. Thanks! – adamkonrad Jan 11 '21 at 19:24
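
A check for the general browser rules that decide whether a `Set-Cookie` header on a cross-origin AJAX response is stored and persisted, written as an added example (not code from the question, the answer, or the AWS blog). The function name, input field names and result labels are assumptions made for illustration, and it does not diagnose the asker's specific setup.

```javascript
// Added example: audits one cross-origin XHR/fetch exchange against browser
// rules for honouring Set-Cookie. All inputs used with it are constructed.
function cookieProblems({ pageOrigin, apiHost, crossSite, withCredentials, headers }) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];

  // Cross-origin responses only store cookies when the request opted in:
  // xhr.withCredentials = true, or fetch(..., { credentials: "include" }).
  if (!withCredentials) problems.push("no-credentials");

  // A credentialed request needs the exact origin (never "*") echoed back,
  // plus Access-Control-Allow-Credentials: true.
  if (h["access-control-allow-origin"] !== pageOrigin) problems.push("allow-origin");
  if (h["access-control-allow-credentials"] !== "true") problems.push("allow-credentials");

  // Split "name=value; Attr=val; Flag" into a lower-cased attribute map.
  const attrs = {};
  for (const part of (h["set-cookie"] || "").split(";").slice(1)) {
    const [name, ...rest] = part.trim().split("=");
    if (name) attrs[name.toLowerCase()] = rest.join("=").trim();
  }

  // Domain must match the host that sent the response (the API), not the page.
  if ("domain" in attrs) {
    const d = attrs.domain.replace(/^\./, "").toLowerCase();
    const host = apiHost.toLowerCase();
    if (host !== d && !host.endsWith("." + d)) problems.push("domain-mismatch");
  }

  // Current Chrome stores a cookie from a cross-site subresource response
  // only if it is marked SameSite=None together with Secure.
  if (crossSite) {
    const sameSiteNone = (attrs.samesite || "").toLowerCase() === "none";
    if (!sameSiteNone || !("secure" in attrs)) problems.push("samesite");
  }

  // Without Expires or Max-Age this is a session cookie, not a persistent one.
  if (!("expires" in attrs) && !("max-age" in attrs)) problems.push("session-only");

  return problems;
}
```

An empty result means none of these rules is violated; a `Domain` value naming the page's own domain while the response comes from a different API host is reported as `domain-mismatch`.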