Simplify your stack and build anything. Or everything.
Schedule a Demo
USE CASES
Headless CMSEnterprise App BuilderHeadless E-CommerceDigital Asset Management
FEATURES
Multi-TenancyWhite LabelLocalizationAccess ControlAuth
CASE STUDIES

See what others are building with Payload.

Browse Case Studies
Build tomorrowโ€™s web with a modern solution you truly own.
PAYLOAD IS FOR
DevelopersMarketing teamsEnterprise companiesAgencies & Consultancies
COMPARE PAYLOAD
Payload vs WordPressPayload vs ContentfulPayload vs SanityPayload vs StrapiPayload vs Directus
AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a PartnerFind a Partner
Code-based nature means you can build on top of it to power anything.
Resources
DocumentationExamplesTemplatesGitHubReleasesBlogGuides & Tutorials
Community
RoadmapDiscordCommunity Help
Resources for Developers

Get the resources you need to start building today

Guides & TutorialsExplore Docs
Itโ€™s time to take back your content infrastructure.
Schedule a Demo
Enterprise Features
SSOAI Auto-EmbeddingPublishing WorkflowsVisual EditorStatic A/B testingAI features
Customer Stories
MicrosoftASICSBlue OriginHello BelloTekton
Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case studyBrowse all
LoginGet Started
Community Help

HTTP Cookie won't get set

default discord avatar
thefrontend3 years ago
4

Can someone send me a screenshot of a successful login request that sets an http only cookie? Right now I'm receiving the cookie but it won't get set in the browser and I'm a bit stuck. ๐Ÿ‘€



@364124941832159242

I just found out that for cross-site requests the cookie needs to be set "secure": "true" and "same-site": "none". That solved my issue. Would be good to have this option within the payload config to avoid patching the dependency. ๐Ÿ™Œ

  • discord user avatar
    jmikrut
    3 years ago

    these two options are indeed configurable in the payload config already ๐Ÿ‘



    https://payloadcms.com/docs/authentication/config#options

    check out the

    cookies

    option



    you can set

    sameSite

    as well as

    secure

    right in the config, based on ENV vars or whatever you need ๐Ÿ‘

  • default discord avatar
    thefrontend3 years ago

    Haha, oh no! Guess I was blind ๐Ÿ˜…

  • default discord avatar
    sandrowegmann3 years ago

    I wanted to follow up on this real quick, because I've wasted countless hours on those cookie issues during my years in web dev.



    If you are using axios or sth similar, you need to set withCredentials": true (or credentials: 'include' in node fetch ). NOT ONLY ON THE REQUEST USING THE AUTH COOKIE, BUT ALSO ON THE REQUEST WHERE YOU WANT TO RETRIEVE THE AUTH COOKIE (e.g. login request). Otherwise, you'll see the set-Cookie header in the response, but no cookie will be set
  • discord user avatar
    jmikrut
    3 years ago

    ^^^^ 100%

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.