Cookie in Set-Cookie header not being set
Though you are hosting client and server in the same domain as http://localhost
, your ports are different, so the same-origin policy is failed here. You can check https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy.
As so, you making a CORS request, check your network tab in your developer tools in your current browser, you might see a preflight request OPTIONS
, before your client sends POST
request to your server.
The server must specify headers to accept the origin of your next request - POST request from http://localhost:8000
with method POST
, you can refer to https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Allow-Methods: POST // Your next request will use POST method
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true // cookies accepted
Added:
In Set-Cookie
, Max-Age
must be non-zero digit. It be rounded up into integer according to RFC doc. For express.js, cookies `maxAge property is on the scale of miliseconds
The solution will be set the maxAge
property as second * 1000
res.cookie('jwt', token, {
maxAge: 10000,
});
Cookies are not setting with setcookie();
You have output somewhere in init.php or any files init includes.
The output can be direct, as in a echo.
Or a space before the PHP tag or I think even an error/notice created by PHP.
As I wrote in comments find out where your output is, we can't help you with that.
You can as mentioned move then setcookie around in your code and see where it works and where it doesn't work.
When it stops working you have found the line that creates an output.
PHP – setcookie() not working
PHP superglobals are populated at script start-up time, and then are NOT modified or touched by PHP again for the life of the script. That means $_COOKIE
represents the cookies that were sent to the server in the http request that fired up the script. It will NOT show any cookies you've added/changed/deleted during the life of the script. Those changes will only show up on the NEXT request.
The only exception to this is $_SESSION
, which is populated when you call session_start()
.
If you need those values to be in $_COOKIE immediately, you'll have to add them manually, e.g.
setcookie('cookie', $value, ....);
$_COOKIE['cookie'] = $value;
set-cookie header not working
See that Secure
string in the cookie?
Yeah, me too. But only after a few hours.
Make sure you're accessing your site by SSL (https:// at the beginning of the URL) if you've got the Secure flag set.
If you're developing locally and don't have a cert, make sure you skip that option.
how to fix Cookies not setting in laravel 9?
Well, i found it, looks like problem was from VUE
side actually. app URL
was 127.0.0.1
for default in env
file, but in VUE
it was calling API
via Localhost
, and it was working but cookie wasn't saving due to this conflict, and when i changed it to 127.0.0.1
as default baseURL
in axios
, it worked.
Why is the browser not setting cookies after an AJAX request returns?
OK, so I finally figured out the problem. It turns out that setting the Path
option is important when sending cookies in an AJAX request. If you set Path=/
, e.g.:
Set-Cookie:SessionId=foo; Path=/; HttpOnly
...then the browser will set the cookie when you navigate to a different page. Without setting Path
, the browser uses the "default" path. Apparently, the default path for a cookie set by an AJAX request is different from the default path used when you navigate to a page directly. I'm using Go/Martini, so on the server-side I do this:
session.Options(session.Options{HttpOnly: true, Path:"/"})
I'd guess that Python/Ruby/etc. have a similar mechanism for setting Path
.
See also: cookies problem in PHP and AJAX
Safari set-cookies not working for first party cookie
There are a great number of problems related with Safari and the use of cookies, if you look up for information related with the problem you will find multiples bugs and solutions, ones appropriate for some cases, and ones for another.
Although Lax
is preferable (please, see this great article), one thing you can try is setting your cookies SameSite
attribute to None
. Be aware that this change maybe could be relevant and affect the application behavior in other browsers, especially Chrome.
Another thing you can try is setting the domain for the cookie to something like .domain.de
or domain.de
to avoid any possible subdomain related problem.
Finally, please, pay attention to the fact that in your screenshot it seems that the value for max age is not printed correctly. Probably not but perhaps a similar issue, for the same version of Safari you indicated, has been reported here on SO in this question: the OP solve the problem by adjusting the value of the max age
cookie attribute. Please, try different values for that information, maybe it works.
According to your comments, for future reference, in some way the problem seems related actually with the cookie max age
: removing max age
value from the cookie looks like a temporary workaround for the problem.
Related Topics
PHP to Search Within Txt File and Echo the Whole Line
How to Require a Fork With Composer
Is There a PHP Library For Email Address Validation
MySQL: Select Random Entry, But Weight Towards Certain Entries
Implementing Condition in Xpath
How to Find Out How "Deep" a PHP Array Is
How to Combine Two Arrays Together
How to Rely on PHP PHP.Ini Precision Workaround For Floating Point Issue
Trying to Get Property of Non-Object - Laravel 5
Convert a Comma-delimited String into Array of Integers
How to Loop Through a MySQL Result Set More Than Once Using the MySQL_* Functions
The Holy Grail of Cleaning Input and Output in PHP
The Character Encoding of the HTML Document Was Not Declared
How to Test If a MySQL Query Was Successful in Modifying Database Table Data