
I currently want to store my temporary token from my server on the client, so that for a short time the user does not have to log in again. I am receiving the Set-Cookie in the response header, but Chrome will not save it. I have checked other sites that use this, and Chrome will save it. Also, if there is a better solution, I would be happy to entertain that.

    HttpCookie myCookie = new HttpCookie("authTokenFromServer");
    myCookie.Value = authToken.ToString();
    myCookie.Path = "/; SameSite=Strict";
    myCookie.Expires = DateTime.Now.AddHours(1);
    return myCookie;

Response Headers

Access-Control-Allow-Origin: http://<removed>:8080
Cache-Control: no-cache
Content-Length: 154
Content-Type: application/json; charset=utf-8
Date: Fri, 24 Jan 2020 15:28:11 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
Set-Cookie: authTokenFromServer=xSZXBvc1xBQkEgUG9ydGFsIEF; expires=Fri, 24-Jan-2020 16:28:11 GMT; path=/; SameSite=Strict
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcbW1vemVyXFNvdXJjZVxSZXBvc1xBQkEgUG9ydGFsIEFQSVxEb2N0b3JQb3J0YWxBUElcYXV0aGVudGljYXRpb25cYXV0aGVudGljYXRl?=
zhydian
  • Does this: https://stackoverflow.com/questions/56392761/chrome-localhost-cookies-not-being-set solve your issue? – Athanasios Kataras Jan 24 '20 at 15:59
  • No, I am not using localhost and I have tried on FF and Chrome. It works on IE11 (need to test old browsers also), but for some reason it won't work with newer browsers. – zhydian Jan 24 '20 at 16:10
  • I've tried all possible options with SameSite even not including it. – zhydian Jan 24 '20 at 17:23
  • Are the client and the server in different time zones? Because if `expires` is earlier than the current time on the client, then the cookie won't be set, as setting the expiry time to the past is the way to remove a cookie. – stuartd Jan 24 '20 at 17:53
  • Did you ever find a solution? I am having the same issue. – Jon L Jun 23 '20 at 12:03

1 Answer

I also struggled with the same issues for hours. What worked for me was adding an option called `credentials: 'same-origin'` in the request. Before adding this option, even though the browser (both Chrome and Firefox) was receiving the cookie, it was not saving it. After this change, it started saving it.

    const requestOptions = {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      credentials: 'same-origin',
      body: JSON.stringify({
        "gTokenId": this.state.tokenId
      })
    };

    // Pass the Google ID token to the backend to receive the corresponding AT
    fetch("https://<removed>.amazonaws.com/dev/tokens", requestOptions)
      .then(res => res.json())

I also added the headers below to the API response.

access-control-allow-credentials: true
access-control-allow-methods: GET,PUT,POST,DELETE,UPDATE,OPTIONS
access-control-allow-origin: http://localhost:3000

Refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials to learn more.

Vikram Rawat
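
As an added example (not part of the question or the answer above), the function below models the Fetch standard's credentials-mode and CORS checks that decide whether a browser hands a `Set-Cookie` from a `fetch()` response to its cookie store. `cookieDecision`, its field names and the `api.example.test` host are assumptions made for illustration.

```javascript
// Added example: models the Fetch credentials-mode and CORS checks that decide
// whether a Set-Cookie on a fetch() response reaches the cookie store.
// cookieDecision and its field names are hypothetical, not a browser API.
function cookieDecision({ pageOrigin, requestUrl, credentials = 'same-origin', responseHeaders = {} }) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v).trim();

  const origin = new URL(pageOrigin).origin;
  const crossOrigin = new URL(requestUrl).origin !== origin;
  const no = (reason) => ({ cookieProcessed: false, reason });

  if (credentials === 'omit') return no('credentials "omit": Set-Cookie is ignored');
  if (!crossOrigin) return { cookieProcessed: true, reason: 'same-origin request' };
  if (credentials !== 'include') {
    // Silent case: the response carries the header, but the cookie is not stored.
    return no('cross-origin request needs credentials "include"');
  }
  // Credentialed cross-origin responses must name the exact origin ...
  if (h['access-control-allow-origin'] !== origin) {
    return no('Access-Control-Allow-Origin must equal ' + origin + ' (a wildcard is rejected)');
  }
  // ... and opt in with the case-sensitive value "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    return no('Access-Control-Allow-Credentials: true is missing');
  }
  // SameSite, Secure and expires are evaluated by the cookie store afterwards.
  return { cookieProcessed: true, reason: 'credentialed CORS check passed' };
}

// Constructed sample: a page on localhost:3000 calling an API on another origin.
const sample = {
  pageOrigin: 'http://localhost:3000',
  requestUrl: 'https://api.example.test/dev/tokens',
  responseHeaders: {
    'access-control-allow-origin': 'http://localhost:3000',
    'access-control-allow-credentials': 'true',
  },
};
for (const credentials of ['omit', 'same-origin', 'include']) {
  console.log(credentials, cookieDecision({ ...sample, credentials }));
}
```

A `cookieProcessed: true` result only means the response passed these checks; a `SameSite=Strict` cookie can still be dropped by the cookie store when the request is cross-site.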