I have a hosted ASP.NET Web API on smarter asp, and I am accessing said API using a React application locally (localhost). The issue that I am facing is that the cookies are set in the response headers, but as soon as I close the dev tools menu and open it again, they disappear.
Also, I can't decode the cookies because JS can't find them, and every time I refresh the page while the dev menu is on, I can see the cookies for some reason, and I am not sure how I would fix this.
Should I just return cookies in the JSON response and communicate with the API via the token sent and not rely on cookies set by the server during development?
Notes:
- This issue just happens with the hosted API
- I know I can work with the local API, but I am working in a team so they need the hosted API to access the endpoints and data
Code to set the cookies:

    // Access token cookie: not HttpOnly, cross-site (SameSite=None), 15-minute lifetime.
    private void SetAccessTokenInResponse(string accessToken)
    {
        Response.Cookies.Append(AccessTokenName, accessToken, new CookieOptions
        {
            HttpOnly = false,
            Secure = true,
            SameSite = SameSiteMode.None,
            Expires = DateTime.Now.AddMinutes(15)
        });
    }

    // Refresh token cookie: HttpOnly, scoped to /auth/refresh-token, 7-day lifetime.
    private void SetRefreshTokenInResponse(string refreshToken)
    {
        Response.Cookies.Append(RefreshTokenName, refreshToken, new CookieOptions
        {
            HttpOnly = true,
            SameSite = SameSiteMode.None,
            Secure = true,
            Expires = DateTime.Now.AddDays(7),
            Path = "/auth/refresh-token"
        });
    }

Response headers:
As I said the cookies appear with the domain set to the API domain only when I refresh and the dev tools are on or sign in with the dev tools on (sometimes I find duplicate cookies for some reason but once I refresh, the duplicate cookies go away). Once I close the dev tools and open them again, the cookies are no longer there.
domain=ourapp.company.com; path=/; secure; samesite=none; httponly.
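
A simplified model of which cookies a page's script can read through document.cookie, applied to attribute strings like the ones in the question. This is an added example, not code from the original post; the function names and the localhost port are assumptions, and only Domain, Path and HttpOnly are modelled (Secure, expiry and browser third-party-cookie policy are ignored).

```javascript
// Added example (not from the original post): a simplified model of which
// cookies a page's script can read through document.cookie.
// Assumption: only Domain, Path and HttpOnly are modelled.

// Parse the attribute part of a Set-Cookie header into the fields we model.
function parseCookieAttributes(attrString) {
  const attrs = { domain: null, path: "/", httpOnly: false };
  for (const part of attrString.split(";")) {
    const [rawName, ...rest] = part.trim().split("=");
    const name = rawName.toLowerCase();
    const value = rest.join("=").trim();
    if (name === "domain" && value) attrs.domain = value.replace(/^\./, "").toLowerCase();
    else if (name === "path" && value.startsWith("/")) attrs.path = value;
    else if (name === "httponly") attrs.httpOnly = true;
  }
  return attrs;
}

// RFC 6265 domain-match: exact host, or a subdomain of the cookie's Domain.
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// RFC 6265 path-match: equal, or the cookie path is a prefix ending at a "/" boundary.
function pathMatches(pagePath, cookiePath) {
  if (pagePath === cookiePath) return true;
  if (!pagePath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || pagePath[cookiePath.length] === "/";
}

// setByHost: host that sent Set-Cookie; pageUrl: page whose script reads document.cookie.
function scriptVisibility(setByHost, attrString, pageUrl) {
  const attrs = parseCookieAttributes(attrString);
  const page = new URL(pageUrl);
  const host = page.hostname.toLowerCase();
  if (attrs.httpOnly) return "hidden: HttpOnly";
  // Without a Domain attribute the cookie is host-only for the sending host.
  const domainOk = attrs.domain ? domainMatches(host, attrs.domain) : host === setByHost.toLowerCase();
  if (!domainOk) return "hidden: domain mismatch";
  if (!pathMatches(page.pathname, attrs.path)) return "hidden: path mismatch";
  return "visible";
}

// Constructed inputs modelled on the question; the port 3000 is an assumption.
const API_HOST = "ourapp.company.com";
const ACCESS_ATTRS = "path=/; secure; samesite=none";
console.log(scriptVisibility(API_HOST, ACCESS_ATTRS, "http://localhost:3000/"));
```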