Sending browser cookies during a 302 redirect

http cookies http-status-code-302
Abdullah Jibaly picture Abdullah Jibaly · Jan 14, 2011 · Viewed 88.5k times · Source

Are there any issues with sending back a cookie during a 302 redirect? For example, if I create a return-to-url cookie and redirect the user in the same response will any (modern) browser ignore the cookie?

Answer

gavenkoa picture gavenkoa · Nov 13, 2013

According to this blog post: http://blog.dubbelboer.com/2012/11/25/302-cookie.html all major browsers, IE (6, 7, 8, 9, 10), FF (17), Safari (6.0.2), Opera (12.11) both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects.

As @Benni noted :

https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies

The SameSite attribute of a cookie specifies whether the cookie should be restricted to a first-party or same-site context. Several values of SameSite are allowed:

  • A cookie with "SameSite=Strict" will only be sent with a same-site request.
  • A cookie with "SameSite=Lax" will be sent with a same-site request, or a cross-site top-level navigation with a "safe" HTTP method.
  • A cookie with "SameSite=None" will be sent with both same-site and cross-site requests.

Related questions

Share cookie between subdomain and domain

I have two questions. I understand that if I specify the domain as .mydomain.com (with the leading dot) in the cookie that all subdomains can share a cookie. Can subdomain.mydomain.com access a cookie created in mydomain.com (…

Read More
How are cookies passed in the HTTP protocol?

How are cookies passed in the HTTP protocol?

Read More
How do browser cookie domains work?

Due to weird domain/subdomain cookie issues that I'm getting, I'd like to know how browsers handle cookies. If they do it in different ways, it would also be nice to know the differences. In other words - when a …

Read More