Samesite cookie attribute not being set using javascript

javascript cookies samesite

50,669

Solution 1

Your problem is not with SameSite, but with HttpOnly. HttpOnly and SameSite are 2 independent things, if you remove HttpOnly it will be working… and cookie will be set with SameSite.

<script>
    document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;SameSite=Lax";
    alert( document.cookie );
</script>

Solution 2

You can not set HttpOnly flag via JavaScript API document.cookie. Flag HttpOnly can be set only via cookie header in server response. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies Cookies created via JavaScript cannot include the HttpOnly flag.

You wrote The cookie is being set but the SameSite attribute is not being set but I think it is not truth. Cookie set via JS with attribute HttpOnly is rejected at all or maybe some browser set it but ignore HttpOnly flag - so finally your cookie is not HTTP only.

50,669

Author by

Satya

Updated on July 09, 2022

Comments

Satya almost 2 years
I am trying to set SameSite attribute using javascript on my site . The code is
```
<script type="text/javascript">

    document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;HttpOnly;SameSite=Lax";
  </script>
```
The cookie is being set but the SameSite attribute is not being set. Any idea where am I missing?

Thanks