setcookie - Browser ignoring Set-Cookie - Stack Overflow

admin管理员组

文章数量:1315252

I have frontend running at and backend at .

In the Chrome Dev Tools under Network, I can see that when frontend calls , the response includes the following header:

set-cookie:
MY-COOKIE-NAME=mycookievalue; Max-Age=604800; Expires=Thu, 06 Feb 2025 08:00:49 GMT; Path=/foo; Secure; HTTPOnly; SameSite=None

I can't see the cookie in Chrome Dev Tools under Application > Cookies. It is also not getting sent in subsequent calls to .

When I call from Postman, it picks up the cookie and uses it in subsequent calls to .

What is the reason for this?

I have frontend running at https://fe-qa.mydomain and backend at https://qa.mydomain.

In the Chrome Dev Tools under Network, I can see that when frontend calls https://qa.mydomain/foo/bar2, the response includes the following header:

set-cookie:
MY-COOKIE-NAME=mycookievalue; Max-Age=604800; Expires=Thu, 06 Feb 2025 08:00:49 GMT; Path=/foo; Secure; HTTPOnly; SameSite=None

I can't see the cookie in Chrome Dev Tools under Application > Cookies. It is also not getting sent in subsequent calls to https://qa.mydomain/foo/bar2.

When I call https://qa.mydomain/foo/bar1 from Postman, it picks up the cookie and uses it in subsequent calls to https://qa.mydomain/foo/bar2.

What is the reason for this?

• cookies
• setcookie
• httponly
• cookie-httponly

Share Improve this question Follow asked Jan 30 at 8:10 jjrzjjrz 37911 gold badge66 silver badges1414 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

Solution:

Ensure the frontend is configured to include credentials (cookies) in the request.

Example for fetch:

fetch('https://backend-api/endpoint', {
  credentials: 'include'
});

Example for Axios:

axios.get('https://backend-api/endpoint', {
  withCredentials: true
});

also ensure this header is set

Set Access-Control-Allow-Credentials: true 

in the backend response.

本文标签： setcookieBrowser ignoring SetCookieStack Overflow