Questions tagged [samesite]
Use this tag for questions about errors caused by a browser ignoring a Set-Cookie header—especially for cross-origin requests—due to a SameSite attribute being missing or having a certain value. Also for questions about implementing SameSite in your site's response headers. Consider adding the [cookies] tag too. SameSite instructs browsers to either restrict a cookie to first-party / same-site contexts or allow it in third-party / cross-site contexts.
470 questions
0 votes, 0 answers, 41 views
Missing few Cookies (Only in Chrome browser) in the First-Party Site's Request Header When Redirecting (Status Code: 303) from a Third-Party Site
Chrome Browser Version: 126.0.6478.127 (Official Build) (arm64)
Used technologies:
ClientSide - Html, React.js, Javascript
ServerSide - GoLang
What I tried:
Step 1:
Setting a few cookies with ...
-1 votes, 1 answer, 60 views
Refresh Token cannot be written into the browser's cookies
I encountered a strange situation. My project uses an HTTP-only refresh token. After the user successfully completes the login verification, the backend sends an HTTP-only refresh token to the ...
0 votes, 1 answer, 39 views
set http only and samesite flag for cookies in lighttpd
We are using the lighttpd web server in our code base. We need to add the SameSite and HttpOnly flags for the cookie.
I have gone through many examples but all are related to PHP and some other ...
0 votes, 0 answers, 32 views
why does samesite=strict attribute in cookies restrict anchor links?
I want to add cookies to my website for enhanced security, as I used to use a bad session storage method.
I noticed that there are three options for the SameSite attribute in cookies. The most secure one ...
1 vote, 0 answers, 67 views
SameSite attribute for cross-site cookies
I don't understand how SameSite attributes work in cross-site Cookies and probably I don't understand how cross-site cookies work. I have a few questions, the answer to which will help me a lot.
I ...
1 vote, 1 answer, 190 views
Why is Chrome web-security blocking my first party cookie?
I'm trying to go from a monolith hosting my API server and React SPA to separate hosting options (on the same domain, just different subdomains).
I have my frontend hosted on app.domain.com and ...
0 votes, 0 answers, 89 views
SameSite issue with Quarkus and with Keycloak
When I am on the keycloak page:
Some cookies are misusing the recommended “SameSite“ attribute 6
Cookie “KEYCLOAK_IDENTITY” does not have a proper “SameSite” attribute value. Soon, cookies without the ...
0 votes, 0 answers, 63 views
How to switch from lax to strict on existing PHP sessions
We have a PHP API application that sets session variables during authentication with an AzureAD server. The session is started with an include file containing this:
session_start( [
'name' ...
0 votes, 1 answer, 200 views
Why is Sec-Fetch-Site: cross-site when redirecting to same-site
Flow:
GET https://abc.example.com:8445/desktop/container (protected resource, redirect for saml authentication) response 302
GET https://xyx.test.com:8553 - does saml authentication and redirects (...
0 votes, 1 answer, 122 views
NextJs not setting the cookie from django csrf_token
My nextjs application integrated with django has an authentication system based on csrftoken and sessionid. Once the nextjs application runs, it makes a request to the backend for the csrf route, ...
0 votes, 1 answer, 69 views
Browser is not sending the cookie with fetch, although server and frontend have the same IP address (but different ports)
I already tried many things, but the browser still refuses to set the Cookie header on any request I make in the frontend. Both server and frontend are running on my local machine.
I created a hosts entry ...
1 vote, 0 answers, 260 views
Cookies on localhost not being set... what to do?
I have a frontend running on http://localhost:5173 and a backend running on http://localhost:3000. I just can't test cookies sent by the backend anymore... the POST response looks like this:
Access-...
-2 votes, 1 answer, 81 views
something weird with samesite cookies
If you access this URL from Google (you can search for it literally to find it quickly in the SERP):
https://www.b e b e m o v i l.com/inglesina-electa
the cookie policy will be shown (blue div) and if ...
0 votes, 1 answer, 204 views
Angular SPA which is used as Frontend for my custom OIDC provider is not sending session cookie to my backend /signin API
Scenario
I have two Angular apps; the first one is angular_shop, which uses the /auth endpoint for a custom node_oidc_provider to start the auth request
node_oidc_provider then checks the PKCE code from ...
1 vote, 0 answers, 308 views
Can I recreate next-auth v4 session on the client side in iframe?
Situation:
A Next.js web application running in an iframe cannot access the auth provider to let the user log in.
The Next.js web application opens a popup window, loads the same web application's sign-in page and then ...