Cookies are stored on the browser only in localhost #112

Closed
romainleduc opened this issue Sep 4, 2020 · 1 comment

@romainleduc

Hello, I am currently having a problem when I change my domain name on the client side.

When I send a cookie from my server to my client which has the domain name "localhost", it is sent and it is automatically stored in my browser.

On the other hand, if I change my domain name on the client side to "test.example.com" or simply "example", I can see that the server is indeed sending the cookie but it is not stored in the browser.

I thought maybe it was because when I am not in localhost I get an "insecure connection" message and it can affect cookies, but I have other cookies generated by i18n which store correctly on the browser.

Thanks :)

@dechowdev

This sounds like the mixup is within exactly the domain part of the cookie.
If you are setting a cookie with domain: localhost and another with domain: test.example.com - either cannot be read by the other.
If you want the cookies to be read - they have to be from the same domain, unless you can host within the same "main" domain, that is, if you have two coming from api.example.com and frontend.example.com - you can simply denote the domain being .example.com and you can read both api and frontend server.

However speaking from experience - if you want the cookies to be secure you'd set them with HttpOnly and Secure to ensure that:

  • They can only be listened for in server-to-server communication (no JS libraries intercepting them or reading them)
  • They can only be exchanged / set in an HTTPS (encrypted) environment
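
Added example (not part of the comments above and not this project's code): a small model of the checks a browser applies before storing a `Set-Cookie` header, showing the domain mismatch and the `Secure` requirement discussed in the reply. The function names and the sample headers are constructed for illustration; public-suffix rejection, `Path` and `SameSite` are not modelled, and the `Secure` rule follows RFC 6265bis strictly with no localhost exception.

```javascript
// Added example: storage checks for a Set-Cookie header, after RFC 6265 / 6265bis.
// All names here are hypothetical helpers, not a library API.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3: the host equals the domain, or it ends with
// "." + domain and is not an IP address.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Split "name=value; Attr=val; Flag" into a name, value and lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// Decide whether a response served from responseUrl may store this cookie.
function storageDecision(header, responseUrl) {
  const url = new URL(responseUrl);
  const { attrs } = parseSetCookie(header);
  if (attrs.secure && url.protocol !== "https:")
    return { stored: false, reason: "Secure cookie set over a non-HTTPS connection" };
  if (typeof attrs.domain === "string" && attrs.domain !== "") {
    const domain = attrs.domain.replace(/^\./, ""); // a leading dot is ignored
    if (!domainMatch(url.hostname, domain))
      return { stored: false, reason: `Domain=${domain} does not match ${url.hostname}` };
    return { stored: true, scope: `${domain} and its subdomains`, httpOnly: !!attrs.httponly };
  }
  // No Domain attribute: host-only cookie, sent back to this exact host only.
  return { stored: true, scope: `${url.hostname} only`, httpOnly: !!attrs.httponly };
}
```

Calling `storageDecision("sid=abc; Domain=localhost", "http://test.example.com/")` returns a rejection with the mismatch reason, while the same header served from `http://localhost:3000/` is stored.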
