7

After logging in I am setting some cookies, which works in FF, Chrome, Edge etc. However for some reason, Samsung Internet Browser seems to be ignoring my cookies.

I've got cookies enabled, and it is accepting cookies from other sites, but I can't figure out why it won't accept them. I've got this capture from my server:

HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: token=e1c137y8WEZItXVWExXBWRyQl9mxgxEvEMG++F6pzwart%2FAO0lTSA3tL48oeHclD%2FLQMdXWhgXvefpGR3QGMqwMe8cg%3D; HttpOnly; SameSite=Strict; Path=/; Expires=Wed, 08 May 2019 07:03:43 GMT
Set-Cookie: email=%2FwGLVu+6Yv5fYpSyZwRE8TIi0MlZZ6WaN+OaKusCF6pEyQjomquJmWwqSgrcHg2dcBeMBU%2Foeg%3D%3D; HttpOnly; SameSite=Strict; Path=/; Expires=Wed, 08 May 2019 07:03:43 GMT
Set-Cookie: testing=TESTETSETESET; HttpOnly
Server: Rocket
Content-Length: 56
Date: Wed, 01 May 2019 07:03:43 GMT

{ ... }

I've tried changing the HttpOnly, SameSite, Secure and domain settings, but so far nothing.

Any ideas?

Samsung internet version 9.2.00.70

Edit:

It seems like maybe it's because the cookies are being set from an Ajax query. I changed it to be a response from a normal form POST, and it seems to have worked. More digging...

dempzorz

2 Answers

9

Turns out it was due to my Ajax request. Once I added credentials: "same-origin" to the request, it works as expected.

dempzorz
  • For the others, make sure to add it directly to the init object itself, and not to the headers. That mistake led to another few hours of debugging for me. – Lioness Jul 14 '19 at 17:05
  • <3 Thank you so so much for this answer... took me a long time to find this! – Ari Seyhun Aug 21 '19 at 02:19
3

Your question has helped me too. I have exactly the same bug in Samsung Browser 9.2. I'm using the GitHub fetch implementation, and in the docs you can see:

The default value for credentials is "same-origin".

The default for credentials wasn't always the same, though. The following versions of browsers implemented an older version of the fetch specification where the default was "omit":

Firefox 39-60

Chrome 42-67

Safari 10.1-11.1.2

If you target these browsers, it's advisable to always specify credentials: 'same-origin' explicitly with all fetch requests instead of relying on the default:

So that's why explicitly setting credentials: "same-origin" worked for you and for me too.

Community
Bruno
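Added example, not code from either answer or from the GitHub fetch project: a simplified model of why the explicit setting fixes the ignored Set-Cookie headers under the older "omit" default, plus a wrapper that always places credentials in the init object and rejects it when it is passed as a header. PAGE_ORIGIN, cookiesHonoured, normalizeInit, safeFetch and /api/login are hypothetical names chosen for illustration.

```javascript
const PAGE_ORIGIN = "https://app.example"; // constructed origin of the page making the call

// Simplified model of the fetch credentials decision: are cookies sent with
// the request and is Set-Cookie in the response honoured? `specDefault` is
// "omit" for the older spec and "same-origin" for the current one.
function cookiesHonoured(url, init = {}, specDefault = "same-origin") {
  const mode = init.credentials || specDefault;
  const sameOrigin = new URL(url, PAGE_ORIGIN).origin === PAGE_ORIGIN;
  return mode === "include" || (mode === "same-origin" && sameOrigin);
}

// Return a copy of `init` with an explicit credentials mode, and refuse the
// mistake of passing "credentials" as a request header (plain object or Headers).
function normalizeInit(init = {}) {
  const h = init.headers || {};
  const names = typeof h.keys === "function" ? [...h.keys()] : Object.keys(h);
  if (names.some((n) => n.toLowerCase() === "credentials")) {
    throw new TypeError('"credentials" belongs in the init object, not in headers');
  }
  return { ...init, credentials: init.credentials || "same-origin" };
}

// Drop-in wrapper for application code; uses whatever fetch the runtime provides.
function safeFetch(url, init) {
  return fetch(url, normalizeInit(init));
}

// Constructed login request like the one in the question: an Ajax POST whose
// response carries Set-Cookie headers.
const login = { method: "POST", headers: { "Content-Type": "application/json" } };
console.log(cookiesHonoured("/api/login", login, "omit"));                // false
console.log(cookiesHonoured("/api/login", normalizeInit(login), "omit")); // true
```

Because the wrapper only fills in a missing mode, a call that deliberately passes credentials: "omit" or "include" keeps its own setting.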