1

I've deployed my app on Azure App Service and I know that Azure provides ARRAffinitySameSite cookie, but also I have another cookie for auth purposes, let's call it 'AUTH_COOKIE'.

Locally, I pass AUTH_COOKIE and I see them in request header (because I don't have any other cookies), but on my published app, I have two cookies: AUTH_COOKIE and ARRAffinitySameSite and my request doesn't want set to AUTH_COOKIE instead of ARRAffinitySameSite. How I can fix it?

return axios.get(`someUrl`, { params: { someParam}, withCredentials: true, headers: { 'Cookie': document.cookie } });
David Klempfner
  • 8,700
  • 20
  • 73
  • 153
Stasoz
  • 59
  • 2
  • 7
  • The `ARRAffinity` and `ARRAffinitySameSite` cookies are set by the Azure infrastructure to help load balance your application. If your app isn't scaled to multiple instances, or doesn't use in-process session (for example) you can disable the affinity cookie from the App Service Configuration blade (under General Settings). As this cookie is sent with the `HttpOnly` flag, it can only be read server-side, and so shouldn't normally be visible from client-side code. Ordinarily, any cookies that exist on the browser are sent with requests from either the browser or JS code. – Zhaph - Ben Duguid Jun 28 '21 at 12:33

1 Answers1

0

ARRAffinitySameSite is a secure cookie, we cannot read it by javascript.

enter image description here

For more details, please read below post and pic.

1. How to read a HttpOnly cookie using JavaScript

2. I need to get all the cookies from the browser

enter image description here

If you want to use ARRAffinitySameSite value, the code below is an alternative.

enter image description here

enter image description here

Jason Pan
  • 15,263
  • 1
  • 14
  • 29
  • 1
    It's not the `Secure` flag that's stopping JS from reading it, but the `HttpOnly` flag. That means it can only be read by the receiving servers, and not the client side code. `Secure` mandates that the cookie can only be sent to pages using a secure transport (i.e. HTTPS). – Zhaph - Ben Duguid Jun 28 '21 at 12:24