set-cookie header not working
Solution 1
See that Secure string in the cookie?
Yeah, me too. But only after a few hours.
Make sure you're accessing your site by SSL (https:// at the beginning of the URL) if you've got the Secure flag set.
If you're developing locally and don't have a cert, make sure you skip that option.
Solution 2
In my case, I had to add this to my response:
access-control-expose-headers: Set-Cookie
I found here that my Set-Cookie header was not accessible to my client unless I added it to the exposed-header header. Hope this can help someone!
Chris Pfohl
Full-stack, stack-agnostic, problem solver. I love data, great developer experience, keeping the big picture in mind and developing people-proof systems (mostly me-proof, if I'm being honest).
Updated on February 16, 2022Comments
-
Chris Pfohl about 2 years
I'm developing a small site w/ Go and I'm trying to set a cookie from my server.
I'm running the server on localhost, with 127.0.0.1 aliased to
subdomain-dev.domain.comon port5080.My When I receive the response for my
POSTtosubdomain-dev.domain.com:5080/loginI can see theset-cookieheader. The response looks like this:HTTP/1.1 307 Temporary Redirect Location: / Set-Cookie: myappcookie=encryptedvalue==; Path=/; Expires=Fri, 13 Sep 2013 21:12:12 UTC; Max-Age=900; HttpOnly; Secure Content-Type: text/plain; charset=utf-8 Content-Length: 0 Date: Fri, 13 Sep 2013 20:57:12 GMTWhy isn't Chrome or Firefox recording this? In Chrome it doesn't show up in the Resources tab. In FF I can't see it either. And in neither do I see it in future Request headers.