
I'm making a website with Angular and I use Flask as my API. Everything was OK until now, but I want to use sessions with Flask, so I have to get the session cookie and send it back.

The problem is: cookies are not saved in my browsers (Firefox/Google Chrome).

When I try with another tool like Insomnia/Postman, there is no problem! The cookie is saved and everything works when the cookie is sent back!

I have read about a lot of similar situations (I mean, with the domain parameter, which needs two dots), but even when I try:

angular client -> dev.localhost.local

Flask API -> api.localhost.local

domain -> .localhost.local

[Screenshots: the browser gets the Set-Cookie options; no cookie saved; no session saved]

Browser just doesn't save my session...

I tried a lot of configurations:

Domain: .localhost.local, localhost.local, dev.localhost.local, .dev.localhost.local

I also tried to use different headers to expose the Set-Cookie and Cookie headers. I set the Access-Control-Allow-Credentials to True.

Nothing is working, so if you have any idea, I'll take it.

Jason Aller
Unknow

1 Answer

First thing that comes to my mind is that a session cookie should be non-persistent and will only stay for one session. To make a cookie persistent-ish, you need to define a lifetime for the cookie, by either giving it a duration until expiry in seconds (max-age) or a specific date in the form of a UNIX timestamp. To read more about cookie lifetimes see MDN.

To do this with flask session cookies see this SO post.

Otherwise, you can also use a response with response.set_cookie:

from flask import Flask, make_response, request
 
app = Flask(__name__)
 
@app.route('/login')
def login():
    # Do your authentication, authorization …
    resp = make_response("Session granted")
    # Set session cookie for a day
    resp.set_cookie('session', 'SESSION_KEY', max_age=60 * 60 * 24, domain='.localhost.local')
    return resp
Cobalt
  • I retried everything I did with a non-permanent cookie and I added a max-age, but browsers still don't save anything – Unknow Oct 25 '21 at 18:14
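
As an added example (not part of the original question or answer), this standard-library Python check models the browser-side rules that decide whether a cross-origin Set-Cookie like the one discussed above is kept, which tools such as Postman do not apply. The ports, the sample header values and the helper names `diagnose` and `domain_matches` are assumptions made for the illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match; a leading dot on the Domain attribute is ignored."""
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def diagnose(page_origin, api_url, with_credentials, headers):
    """List reasons a browser drops the cookie or hides the response from script.
    Simplified model of one cross-origin XHR/fetch; `headers` is assumed to be a
    dict keyed by the exact header names used below."""
    problems = []
    api = urlsplit(api_url)
    if f"{api.scheme}://{api.netloc}" != page_origin:  # cross-origin request
        if not with_credentials:
            problems.append("no credentials mode: Set-Cookie is ignored")
        # "*" is only acceptable when the request carries no credentials.
        allowed = {page_origin} if with_credentials else {page_origin, "*"}
        if headers.get("Access-Control-Allow-Origin") not in allowed:
            problems.append("Access-Control-Allow-Origin must name the page origin")
        if with_credentials and headers.get("Access-Control-Allow-Credentials") != "true":
            problems.append("Access-Control-Allow-Credentials must be exactly 'true'")
    jar = SimpleCookie()
    jar.load(headers.get("Set-Cookie", ""))
    for name, morsel in jar.items():
        if morsel["domain"] and not domain_matches(api.hostname, morsel["domain"]):
            problems.append(f"{name}: Domain does not cover {api.hostname}")
        if morsel["samesite"].lower() == "none" and not morsel["secure"]:
            problems.append(f"{name}: SameSite=None requires Secure")
    return problems


# Constructed sample: hosts from the question; ports and header values are assumed.
PAGE = "http://dev.localhost.local:4200"
API = "http://api.localhost.local:5000/login"
SAMPLE = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
    "Set-Cookie": "session=SESSION_KEY; Domain=.localhost.local; Max-Age=86400; Path=/",
}

if __name__ == "__main__":
    for with_credentials in (False, True):
        print(with_credentials, diagnose(PAGE, API, with_credentials, SAMPLE))
```

On the Angular side, `with_credentials` corresponds to passing `withCredentials: true` on the HttpClient request.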