I've seen several similar issues reported on here, but none of the solutions or specific setups seem to be quite matching mine.
I have a React client that is calling a backend Framework Web API via apollo, which is setting an http only cookie that I am expecting to be sent back in all subsequent requests. The backend service is configured to accept the client domain as CORS origin and locally as well as when deployed to a test server this is all working fine.
I have now deployed both the client and back end service to separate Azure App Services and the cookie 'appears' to not be getting set on the client.
In the initial response headers I can see the cookie being set in set-cookie, but it is not then included in subsequent requests and does not appear in the applications tab in chrome tools.
My Apollo calls are specifying withCredentials: true
Any idea what the reason for this may be?
Edit. The response headers coming back from the initial API request are:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://my-app-service.azurewebsites.net
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 256
Content-Type: application/json; charset=utf-8
Date: Fri, 29 Oct 2021 12:04:27 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
Set-Cookie: {Cookie-Name}={JWT-Token}; expires=Fri, 29-Oct-2021 12:24:27
GMT; path=/; HttpOnly
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
