Browser not saving cookies but Set-Cookie headers present
I am using React frontend and Django backend and have been struggling for days with authentication. I have boiled down the issue I am having to the browser not setting the cookies it receives from the backend.
When in inspect, I can verify that the Set-Cookie headers are present in the response. They are not appearing in storage though... (the cookies are a csrf token and session id). Other functionalities dependant on these cookies like logout fail. However, when using the Django rest framework interfaces (connecting to the backend urls, e.g., localhost:8000/users/login/), I can perform the login and over there, the cookies appear in storage.
I have tried both fetch and axios, I have included credentials: 'include' and withCredentials: true respectively.
As a final note, when using fetch, I grab the response
fetch(url, { ... })
.then(res => console.log(res.headers.get('Set-Cookie')))
When this prints null, when looping over all present headers I only see two (like application json).
For reference some screenshots.
These are all the cookies present, I am expecting to see csrftoken and session.
The next image shows the headers, there are two Set-Cookie headers with both sessionid and csrftoken.
And finally the cookies from the response
I have enabled the cors settings in Django, I played around with all pf the SAMESITE and HTTPONLY settings for cookies, I also tried different cors settings, nothing works.
For the browser to accept cookies with samesite=none, then they must also have the secure attribute set and you must use HTTPS.
Like
Set-Cookie:SessionCookie=xxxxxxxxxx; SameSite=None; Secure;
To complement this answer, I wrote a blog post that goes into more detail about this topic:Debugging cookie problems
- How to list all the removable devices with DBus and UDisks2?
- gobject/gnome/glib bindings for D using GIR?
- How do nested functions get compiled?
- The "this" pointer and message receiving in D
- 64-bit executables with DMD
- GtkD with D lang on Fedora
- Why Android used Java concept instead of D language or C or C++? But Chromium web browser is in C++, its very complicated match
- How to use MongoItemWriter to write a List<T>
- Why a function with protected modifier can be overridden and accessible every where?
- Convert Unicode const(uint)* to a dlang character type
- Compiling D with Code::Blocks
- DMD vs. GDC vs. LDC
- Rendering a font in raylib using freetype
- Digital Mars D compiler; acquiring ASM output
- D Programming: openssl rsa forward reference compiler error
- D compiler DMD doesn't link object files
- OPTLINK: Warning 23: No Stack
- Is there a limit in the amount of temporary generated symbols during a project build using dmd 2.063?
- Is this the right way to combine Garbage collected with none Garbage collected code in D
- D compiler (Digital Mars D Compiler) throwing error
- Which D Compiler to Use?
- Splitting a string treating multiple whitespace as one separator
- Proper way of passing array parameters to D functions
- Detailed Valgrind internals documentation
- Is it possible, in D, to tell the garbage collector to not scan a particular pointer (or anything below it)?
- Iterate over key/value pairs in associative array in D.
- Dlang associative array of an array of strings keyed by a string has unexpected behavior
- How to repeat a statement N times (simple loop)
- Is worth the effort to learn D?
- ld: undefined reference to object I can see in objdump