2

I set cookie on requests coming at test.mysite.com, the problem is the Path parameter on the cookie is set to /test instead of plain / and this is causing issues with recognizing the cookie on different parts of the website. How can I set a cookie with absolute path, instead of a relative one?

code:

    cookie := http.Cookie{
        Name:     "session",
        Value:    "random_token",
        MaxAge:   300,
        HttpOnly: true,
        Secure:   true,
        Path:     "/",
        SameSite: http.SameSiteNoneMode,
    }

cookie:

session="random_token"; Max-Age=300; Path=/test; Secure; HttpOnly; SameSite=None; Domain=mysite.com
Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
H.Yazdani
  • 65
  • 3
  • 1
    The code in the question creates a cookie with the absolute path "/". Demonstration: https://go.dev/play/p/J1EjcZsBk6a – Charlie Tumahai Jan 24 '23 at 06:41
  • @CeriseLimón on local there's no issue, but if the request comes to a sub-domain then the path will be / instead of the plain / – H.Yazdani Jan 24 '23 at 06:48
  • Where do you see the path / ? Are you looking at the set-cookie header or something else? – Charlie Tumahai Jan 24 '23 at 07:18
  • @CeriseLimón I see it in the browser's cookie section. Set-cookie response header doesn't include the Path. Could it be the reason? – H.Yazdani Jan 24 '23 at 08:19
  • 1
    If you don't see it in `set-cookie` header - then you're running not the code you provided above but something else. – zerkms Jan 24 '23 at 08:32
  • @H.Yazdani Ensure that the application calls `http.SetCookie(resp, &cookie)` before the header or data is written to the response. – Charlie Tumahai Jan 24 '23 at 14:57

0 Answers0