Sending browser cookies during a 302 redirect

by

According to this blog post: http://blog.dubbelboer.com/2012/11/25/302-cookie.html all major browsers, IE (6, 7, 8, 9, 10), FF (17), Safari (6.0.2), Opera (12.11) both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects.

As @Benni noted :

https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies

The SameSite attribute of a cookie specifies whether the cookie should be restricted to a first-party or same-site context. Several values of SameSite are allowed:

  • A cookie with "SameSite=Strict" will only be sent with a same-site request.
  • A cookie with "SameSite=Lax" will be sent with a same-site request, or a cross-site top-level navigation with a “safe” HTTP method.
  • A cookie with "SameSite=None" will be sent with both same-site and cross-site requests.

More Related Contents:

  1. Share cookie between subdomain and domain
  2. How do browser cookie domains work?
  3. How to detect server-side whether cookies are disabled
  4. Why is it common to put CSRF prevention tokens in cookies?
  5. How to handle multiple cookies with the same name?
  6. HTTP redirect: 301 (permanent) vs. 302 (temporary)
  7. Correct way to delete cookies server-side
  8. Cookie handling in Google Apps Script – How to send cookies in header?
  9. Why can’t I set a cookie and redirect?
  10. How are cookies passed in the HTTP protocol?
  11. How do I create a persistent vs a non-persistent cookie?
  12. Save cookies between two curl requests
  13. How does cookie “Secure” flag work?
  14. Domain set cookie for subdomain
  15. Share cookies between subdomain and domain
  16. Share a cookie between two websites
  17. Reading cookies via HTTPS that were set using HTTP
  18. What does HTTP/1.1 302 mean exactly?
  19. What is the difference between server side cookie and client side cookie?
  20. Is a URL with // in the path-section valid?
  21. Should cookie values be URL encoded?
  22. Is it possible to set more than one cookie with a single Set-Cookie?
  23. ‘Refresh’ HTTP header
  24. Easy HTTP requests with gzip/deflate compression
  25. CORS request with Preflight and redirect: disallowed. Workarounds?
  26. How to redirect user’s browser URL to a different page in Nodejs?
  27. Why does my web server software disallow PUT and DELETE requests?
  28. What does “pending” mean for request in Chrome Developer Window?
  29. Can I somehow do a synchronous HTTP request via NSURLSession in Swift
  30. Chunked encoding and content-length header

Leave a Comment