Questions tagged [samesite]

Use this tag for questions about errors caused by a browser ignoring a Set-Cookie header—especially for cross-origin requests—due to a SameSite attribute being missing or having a certain value. Also for questions about implementing SameSite in your site's response headers. Consider adding the [cookies] tag too. SameSite instructs browsers to either restrict a cookie to first-party / same-site contexts or allow it in third-party / cross-site contexts.

0 votes
0 answers
32 views

Missing few Cookies (Only in Chrome browser) in the First-Party Site's Request Header When Redirecting (Status Code: 303) from a Third-Party Site

Chrome Browser Version: 126.0.6478.127 (Official Build) (arm64) Used technologies: ClientSide - Html, React.js, Javascript ServerSide - GoLang What I tried: Step 1: Setting a few cookies with ...
Jakpren • 91
-1 votes
1 answer
52 views

Refresh Token cannot be written into the browser's cookies

I encountered a strange situation. My project uses an HTTP-only refresh token. After the user successfully completes the login verification, the backend sends an HTTP-only refresh token to the ...
許漢昇
0 votes
1 answer
36 views

set http only and samesite flag for cookies in lighttpd

We are using the lighttpd web server in our code base. We need to add the SameSite and HttpOnly flags for the cookie. I have gone through many examples but all are related to PHP and some other ...
ramdhyani
0 votes
0 answers
32 views

why does samesite=strict attribute in cookies restrict anchor links?

I want to add cookies to my website for enhanced security, as I used to use a bad session storage method. I noticed that there are three options for the SameSite attribute in cookies. The most secure one ...
a_duck • 9
1 vote
0 answers
63 views

SameSite attribute for cross-site cookies

I don't understand how SameSite attributes work in cross-site Cookies and probably I don't understand how cross-site cookies work. I have a few questions, the answer to which will help me a lot. I ...
George Manlove
1 vote
1 answer
178 views

Why is Chrome web-security blocking my first party cookie?

I'm trying to go from a monolith hosting my API server and React SPA to separate hosting options (on the same domain, just different subdomains). I have my frontend hosted on app.domain.com and ...
John Cover
0 votes
0 answers
82 views

SameSite issue with Quarkus and with Keycloak

When I am on the keycloak page: Some cookies are misusing the recommended “SameSite“ attribute 6 Cookie “KEYCLOAK_IDENTITY” does not have a proper “SameSite” attribute value. Soon, cookies without the ...
jnbdz • 4,903
0 votes
0 answers
62 views

How to switch from lax to strict on an existing PHP sessions

We have a PHP API application that sets session variables during authentication with an AzureAD server. The session is started with an include file containing this: session_start( [ 'name' ...
theking2 • 2,518
0 votes
1 answer
188 views

Why is Sec-Fetch-Site: cross-site when redirecting to same-site

Flow: GET https://abc.example.com:8445/desktop/container (protected resource, redirect for saml authentication) response 302 GET https://xyx.test.com:8553 - does saml authentication and redirects (...
Ayush Verma
0 votes
1 answer
120 views

NextJs not setting the cookie from django csrf_token

My nextjs application integrated with django has an authentication system based on csrftoken and sessionid. Once the nextjs application runs, it makes a request to the backend for the csrf route, ...
Carlos Curcino
0 votes
1 answer
67 views

Browser is not sending the cookie with fetch, although server and frontend have the same IP address (but different ports)

I already tried many things, but the browser still refuses to set the Cookie header on any request I make in the frontend. Both server and frontend are running on my local machine. I created a hosts entry ...
Benny Alex
1 vote
0 answers
249 views

Cookies on localhost not being set... what to do?

I have a frontend running on http://localhost:5173 and a backend running on http://localhost:3000. I just can't test cookies sent by the backend anymore... the POST response looks like this: Access-...
Bersan • 1,289
-2 votes
1 answer
81 views

something weird with samesite cookies

If you access to this url from google (you can search it as literally to find it quickly in SERP): https://www.b e b e m o v i l.com/inglesina-electa cookies politic will be shown (blue div) and if ...
mdromed • 69
0 votes
1 answer
202 views

Angular SPA which is used as Frontend for my custom OIDC provider is not sending session cookie to my backend /signin API

Scenario: I have two Angular apps. The first one is an angular_shop which uses the /auth endpoint for a custom node_oidc_provider to start the auth request. node_oidc_provider then checks the PKCE code from ...
Joel Joseph • 6,101
1 vote
0 answers
298 views

Can I recreate next-auth v4 session on the client side in iframe?

Situation: Nextjs web application running in iframe cannot access auth provider to let user login. Nextjs web application opens a popup window, loads same web application sign-in page and then ...
RicardasJak
