35,140 questions
-3
votes
0
answers
35
views
Debugging - which page request sets a certain Javascript Cookie? [closed]
I have to debug a website that contains a lot of third-party JavaScript code, and I need to determine which page request sets (or in the error case, does NOT set) at specific JavaScript cookie.
My ...
- 109
Advice
0
votes
1
replies
152
views
How to authenticate WebSocket connection when access_token is stored in HttpOnly cookies? (Spring Cloud Gateway + STOMP)
I’m building a WebSocket-based microservice architecture using Spring Cloud Gateway and STOMP WebSockets.
Users log in through the frontend, and the backend sets:
access_token (HttpOnly, Secure, ...
- 11
-1
votes
1
answer
22
views
Extending Cookie Expiry in nginx
I am using nginx as a proxy between a front end and an API.
When the API returns a token, nginx sets it as a cookie.
The cookie will either have an expiry of 30 minutes, or 14 days if the user ticked '...
- 806
-1
votes
1
answer
75
views
Document.cookies set from inside my webview are undefined
I have a webapp that's already production ready to run inside a React Native Webview. The app uses the package js-cookie which saves the accessToken and refreshToken to the browser cookies.
import ...
- 2,389
0
votes
2
answers
116
views
My authentication setup requires a setTimeout before redirect to allow cookies to write in the browser
Authentication flow:
User is redirected back to my site (to /auth/callback) after logging in with a 3rd party. The redirect back includes query params. The React function on the callback page sends ...
- 7
0
votes
0
answers
62
views
Set HttpContext Response Cookie in Blazor without API
Issue with Auth princliples not being able to write to response in blazor app through an injected service
LoginModal:
@using Microsoft.AspNetCore.Components.Authorization
@using MtgDeckBuilderServices
...
Advice
0
votes
0
replies
52
views
Can Cloudflare be bypassed from unrendered browsers using basic techniques like setting proper headers or cookies?
I’m building a Scrapy-based crawler and facing Cloudflare protection on some sites.
Here’s my current setup:
I have a separate API service that can bypass Cloudflare by simulating a real browser (e.g....
1
vote
1
answer
116
views
Next.js 16 Cache Components: Why is my cache() function still hitting the database on every request despite using next: { revalidate: 3600 }?
I'm using Next.js 16 with Cache Components (cache() from React) to deduplicate and cache database queries across layouts and pages.
Here's my setup:
// lib/data.ts
import { cache } from 'react';
...
0
votes
0
answers
103
views
Why is Rails generating separate cookies for subdomains?
I have a Rails 6.1 application that previously used to serve assets from /assets (asset_host was unset)
Recently I've changed the asset_host to use //assets<X>.example.com/ where X would be a ...
- 2,552
1
vote
0
answers
53
views
Express' res.clearCookie() does not clear the cookie?
I assign the cookie here:
const sessionEnd = new Date(Date.now() + ( 1000 * 60 * 60 * 24 ));
const cookieOptions = {path: "/", expires: sessionEnd, httpOnly: false};
async function ...
- 31
0
votes
0
answers
45
views
Cannot get client running on React to send HttpOnly Cookie with JWT back to SpringBoot Server
I'm at my wits end here. The browser is not providing the cookie on my fetch() request. I'm running a SpringBoot server on port 8081 and have set up my CORS like so:
@Bean
CorsConfigurationSource ...
1
vote
1
answer
98
views
Set-Cookie header disappears after some time when using HttpClient with DelegatingHandler in ASP.NET Core
I have a .NET Core project with two layers: an API layer and a UI layer, both in the same solution. The UI layer is built with ASP.NET Core MVC, where controllers call services, and the services use ...
- 11
0
votes
0
answers
69
views
.AspNet.Cookies not set in IIS virtual application when using OWIN cookie middleware with .NET Framework
I'm running a .NET framework 4.7.2 application using OWIN cookie authentication under IIS as a virtual application locally (e.g., https://example.test/cms/) but I end up in and endless redirect loop ...
0
votes
1
answer
210
views
Better-auth not passing cookie after signIn using Google
I have BE written in Hono, that is providing auth using better-auth and Expo app that consumes it (I am using ios in development, not Expo Go). I m working with cookie-based auth that is proposed by ...
- 108
0
votes
0
answers
32
views
Mixpanel JavaScript SDK cookies missing SameSite attribute - how to add SameSite=Lax?
A pen tester called out that my Mixpanel cookies (mp_*) are missing the SameSite attribute.
Current Setup
I'm using the Mixpanel JavaScript SDK with this configuration:
mixpanel.init(token, {
...
- 14.6k
0
votes
0
answers
24
views
Setting cross site cookies for same root domain, diff subdomain
I deployed apis to api.xyz.com and frontend is on ui.xyz.com.
When I set and send back jwt in cookie from serverx it only sets to be used with ui.xyz.com.
Since, apis are on diff subdomain how do I ...
- 1,494
1
vote
0
answers
57
views
Blazor Server SignInAsync works but authentication cookie is not set in browser
I'm building a Blazor Server app with a Minimal API endpoint for login. Everything seems to work server-side:
My CustomAuthenticationStateProvider correctly updates the
AuthenticationState via ...
- 23
0
votes
0
answers
103
views
How to modify ASP.NET Core Identity cookie name after initialization?
I have an ASP.NET Core application that does multi-tenanting based on the path. For example to log into tenant1 you would go do https://domain.name/tenant1 and to log in as tenant2 you would go do ...
- 708
1
vote
0
answers
135
views
Better Auth cookies not saving in frontend after sign-in on Vercel deployment with Express/MongoDB
I'm building a full-stack application using Bun, Express, Node.js, MongoDB, and Better Auth for authentication. The app works perfectly on localhost, but after deploying to Vercel, cookies are not ...
- 11
0
votes
0
answers
32
views
Need help setting headers for ERPNEXT API endpoint
I have a next.js app that sends a delete request to the ERPNext backend from the next.js application.
The issue occurs on production only (i.e. the deployed next.js app) but works flawlessly on local. ...
- 15
1
vote
1
answer
393
views
Why am I getting “This attempt to set a cookie via a Set-Cookie header was blocked due to user preference” in my Next.js + Express app?
I’m building a blogging app with Next.js (frontend) and Express.js (backend).
The backend is deployed on Render, and the frontend runs locally on http://localhost:3000.
I’m trying to set cookies from ...
- 20
1
vote
2
answers
127
views
Laravel 12 - Angular 20 - Sanctum SPA - CSRF Token mismatch
Im trying to build a login and create user with CSRF Tokens and it wont run i tried for 3 days now and it wont work because of CSRF token mismatch. i think im missing something small or idk if its a ...
- 55
2
votes
2
answers
57
views
Setting cookies not allowed in extension popup?
I'm trying to set a cookie in the popup page of my extension to no avail. I've tried two different methods...
First I used document.cookie, which doesn't do anything...
document.cookie = "SID=...
- 55
0
votes
1
answer
43
views
Why signing in the user not working after registration in Blazor Web App?
Here is my code in Blazor Web App using .NET 9.
I am posting this after trying for multiple days but unable to make it work.
I am not using ASP.NET Core Identity in this project.
Registration page ...
- 7,629
0
votes
0
answers
35
views
protocol.ResponseProcessCookies.processCookies Invalid cookie header, invalid expires attribute
I'm using the API provided by RaveCapture (previously Trustspot) to send a review request when a customer makes a purchase.
Used to work fine, stopped working a few months ago, I was referring to the ...
- 13.4k