Why does Chrome ignore Set-Cookie header?

2020-07-04 07:03发布

Chrome has a long history of ignoring Set-Cookie header. Some of these reasons have been termed bugs and fixed, others are persistent. None of them are easy to find in documentation.

  • Set-Cookie not allowed in 302 redirects
  • Set-Cookie not allowed if host is localhost
  • Set-Cookie not allowed if Expires is out of acceptable range

I am currently struggling with getting chrome to accept a simple session cookie. Firefox and Safari seem to accept most any RFC compliant string for Set-Cookie. Chrome stubbornly refuses to acknowledge that a Set-Cookie directive was even sent on the request (does not show up in Developer Tools (Network)). curl looks fine.

So does anyone have either 1) modern best practices for cross-browser Set-Cookie formatting or 2) more information regarding what can cause Chrome to bork here?

Thanks.

0条回答
登录 后发表回答