How to tell why a cookie is not being sent?
Solution 1
This is a Chrome specific bug. No fix yet..
#56211 chrome.cookies fails for localhost domains
May also want to read this question. It isn't specific to chrome like this question, but it is specific to localhost behavior (unlike this question).
Solution 2
How to tell why a cookie is not being sent:
-
Go to network tab, and click the request that is not being sent with your cookie.
-
Go to the "Cookies" tab just appeared.
-
Check "show filtered out request cookies" to see all the cookies that wasn't sent, they'll appear in yellow.
Then a little "i" label will appear next to the property that is preventing the cookie from being sent. You can hover over to see the detail:
Solution 3
The problem is this:
domain=dev;
Quoting from RFC 2945:
The value of the Domain attribute specifies the domain for which the cookie is valid. If an explicitly specified value does not start with a dot, the user agent supplies a leading dot.
So the web client will only send the cookie if the host address ends in .dev.
Try sending the cookie without the domain attribute.
Solution 4
In my case, it was because Fetch API doesn't send cookies unless credentials: "include"
is given as an option.
fetch('API_ENDPOINT',{
method: 'POST',
credentials: 'include',
body: JSON.stringify(some_json_obj)
})
Also, I had to configure the Node.js ( express.js ) backend CORS as follows.
const cors = require('cors')
const corsOptions = {
origin: 'http://localhost:3000',
credentials: true
}
app.use(cors(corsOptions));
Solution 5
If you are on a cross domain request and using an XHR client (like the fetch API), be careful about the withCredentials parameter.
The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.
Evan Carroll
#1 User for DBA.SE 2017. Available for contracting: 281.901.0011 PostgreSQL & PostGIS / MySQL / SQL Server JavaScript, Typescript, Rx.js, Node.js, Angular Also: C / Perl / Python / Rust / x86 Assembly
Updated on February 12, 2022Comments
-
Evan Carroll about 2 years
I'm using chrome and I'm wondering if there is either an extension or a method to tell why a cookie is not being sent.
I have one request I'm making to
http://dev/login
and it's returning,Set-Cookie:DevId=cffbc7e688864b6811f676e181bc29e6; domain=dev; path=/; expires=Tue, 16-Jun-2015 21:27:43 GMT
However, on a post to
http://dev/Base/User/home/
I'm not sending theDevId
cookie. I'd love to know why the cookie isn't being sent if anyone happens to know. But, moreover, I'd love to know how I can tell why and how to better debug this problem in the future.Here are some requests, as captured from Chrome's Dev tools
So here is my response from
/login
(notice Set-Cookie header),HTTP/1.1 200 OK Date: Tue, 16 Jun 2015 19:57:43 GMT Server: Apache Pragma: no-cache Cache-control: no-cache, max-age=0 Set-Cookie: DevId=cffbc7e688864b6811f676e181bc29e6; domain=dev; path=/; expires=Tue, 16-Jun-2015 21:27:43 GMT Cache-Control: max-age=0 Expires: Tue, 16 Jun 2015 19:57:43 GMT Keep-Alive: timeout=10, max=10 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: application/json; charset=ISO-8859-1
And here is my post to
/Base/User/home/1
(notice no cookie),POST /Base/User/home/ HTTP/1.1 Host: dev Connection: keep-alive Content-Length: 0 Origin: http://dev User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/43.0.2357.81 Chrome/43.0.2357.81 Safari/537.36 Content-type: application/x-www-form-urlencoded; charset=UTF-8 Accept: text/javascript, text/html, application/xml, text/xml, */* X-Prototype-Version: 1.7.2 X-Requested-With: XMLHttpRequest Referer: http://dev/user/1/home Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8
-
Evan Carroll almost 9 yearsThis works in Firefox, and that's not how it it's supposed to work. At least according to this post. The useragent is supposed to "supply" the dot, so it's written as
.dev
which should submit the cookie ondev
and any subdomains ofdev
. -
Arlo over 5 yearsYet when I use Incognito Mode or a different Chrome profile it works. So I'm confused why this is only an issue in my normal Chrome profile.
-
Aniket Singla over 3 yearsthanks man, I was looking for this from 3 days.
-
skainswo over 3 yearsOn problematic requests, I'm finding that the Cookies tab does not appear.
-
Lucas Said over 3 years@skainswo This might help you: https://stackoverflow.com/questions/55414344/chrome-network-request-does-not-show-cookies-tab-some-request-headers-copy-as. Though the answer there didn't work for me.
-
mrblue almost 2 yearsThanks Lucas! I couldn't find the issue for couple of hours. I didn't know about this option in chrome.