Samesite cookie attribute not being set using javascript

javascript cookies samesite
Satya picture Satya · May 16, 2018 · Viewed 38.5k times · Source

I am trying to set SameSite attribute using javascript on my site . The code is

<script type="text/javascript">

    document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;HttpOnly;SameSite=Lax";
  </script>

The cookie is being set but the SameSite attribute is not being set. Any idea where am I missing?

Thanks

Answer

iiic picture iiic · Jun 9, 2019

Your problem is not with SameSite, but with HttpOnly. HttpOnly and SameSite are 2 independent things, if you remove HttpOnly it will be working… and cookie will be set with SameSite.

<script>
    document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;SameSite=Lax";
    alert( document.cookie );
</script>

Related questions

SameSite warning Chrome 77

Since the last update, I'm having an error with cookies, related with SameSite attribute. The cookies are from third party developers (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts, etc.) The errors in the Chrome console are like this. A …

Read More
A cookie associated with a cross-site resource was set without the `SameSite` attribute

Chrome is giving me the following warning: A cookie associated with a cross-site resource at http://quilljs.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set …

Read More
Safari not sending cookie even after setting SameSite=None; Secure

Our application uses cookies to remember user login. Every auth API call we make, the browser attaches server-set HTTPonly cookie with the API request and gets authenticated. This behaviour seems to be broken in safari after Mojave release. I read …

Read More