Chrome localhost cookie not being set

Question

I have an ASP.net application that uses a cookie to store the user selected language. Everything works fine except when I'm on localhost. Replacing localhost by 127.0.0.1 makes it work again... why?

I saw intended restrictions to file:// but I can't actually find any reference to intended restriction to localhost.

What I can't really understand is why the ASP.net Session (ASP.NET_SessionId) and ASP.net Forms Authentication Cookies (.FSAUTHSSO) are correctly set for the localhost domain but my cookies aren't... why?!

I already googled a lot and nothing works:

• Setting the Chrome command line flag --enable-file-cookies [DOES NOT WORK]
• Setting the cookie to HttpOnly [DOESN'T MATTER]
• Changing Expiration to Session or to a Date... [DOESN'T MATTER]
• Changing the Cookie Path to Root (/) or to anything else [DOESN'T MATTER]

So what does matter? :)

And why can the ASP.net cookies be set and mine don't? What's the difference?

Last thing just to mention that this also happens on IE but works fine on FF.

Thanks!

Alex

Answer 1

This was driving me nuts and unfortunately nothing I found helped.

TIL: Click on network tab, click your request, and go to the cookie tab and it will tell you exactly why your cookie was not set.

Updated my .net code:

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
        {
            options.Cookie.SameSite = SameSiteMode.None;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

My cookie was set in the browser even though local development is on http. We'll see if it still works when I make subsequent requests.

Answer 2

Stuck on this problem for hours and the problem was that the cookie had the wrong path. So everyone check what path the cookie is set on!

Answer 3

Go to - chrome://flags Just disable this 3 option. Must it works.

Answer 4

This was driving me nuts for hours! Then I realized:

1. I recently used HTTPS://localhost and set a cookie with the same name.

2. That was the reason HTTP://localhost was unable to set the cookie

3. So I went to https, cleared the cookies in the "application" tab in devtools and it started working with http again

Answer 5

To Run this in your local machine with Chrome browser >=79 please follow below steps. I fixed my problem by going to chrome://flags/ then search for cookies. Set the following 3 flags to disabled...

SameSite by default cookies Enable removing SameSite=None cookies Cookies without SameSite must be secure

Answer 6

I fixed my problem by going to chrome://flags/ then search for cookies. Set the following 3 flags to disabled...

• SameSite by default cookies
• Enable removing SameSite=None cookies
• Cookies without SameSite must be secure

Answer 7

For my situation, I was running an asp.net core razor pages app using iisexpress (localhost:####) and I ran into this issue with Chrome. My fix was to make sure the iisSettings in the Properties\launchSettings.json has number other than 0 for sslPort (44344). With the sslPort set to 0, iisexpress will not run will ssl. Changing it 44344 then runs the app using ssl in iisexpress. Alternative, going the project properties in Visual Studio and the Debug tab to Enable SSL will do this same change to launchsettings.json For example

"iisSettings": {
  "windowsAuthentication": false,
  "anonymousAuthentication": true,
  "iisExpress": {
    "applicationUrl": "http://localhost:29025/",
    "sslPort": 44344
  }
},

Answer 8

I know this might be silly but it just happened to me where I took over an asp.net mvc application where I could not get them to work locally. Finally, another developer pointed to an entry in the web.config that had been added recently.

<httpCookies httpOnlyCookies="true" requireSSL="true" />

Setting the requireSSL to "false" locally. Remember to apply the transformations through the environments. I hope this helps.

Answer 9

please try to put cookie.Domain = null on localhost and use the domain name otherwise.

Answer 10

I had an issue on chrome where a cookie with an expiration of 2 weeks in the future was not being set - this happened to be the auth cookie (.AspNet.ApplicationCookie) so I was continually being redirected back to the login page. This issue did not occur in other browsers I tried.

I ended up experimenting with custom cookies to determine that chrome thought the current date was earlier than it actually was - so for example I put in a cookie that expired in 1 year today (2-Apr-2017) and actually chrome set this cookie to expire 1-Jan-2017! This would then explain why a cookie with a 2 week expiry was already considered expired as chrome was lopping off 3 mths of the actual expiry and thus considered it already expired.

Chrome reboot didnt fix this - I rebooted the PC at this stage and this 'fixed' the bug. Also I should note this only occurred for localhost - seemingly every other site was ok.

Answer 11

Good news. Setting cookies on localhost is now possible on Chrome starting Canary build: https://code.google.com/p/chromium/issues/detail?id=551906

Answer 12

There is an issue on Chromium open since 2011, that if you are explicitly setting the domain as 'localhost', you should set it as false to it work or use set the domain as 127.0.0.1.

Answer 13

I just had the same issue in Chrome. I had cookie.Secure = true. Getting rid of that for localhost fixed the issue for me.

(Had the exact same issue, FWIW: worked in FF, not IE or Chrome)

Answer 14

Cookies are designed for second level and down. First level domains will not work. Instead you should use the address http://127.0.0.1 (as you mentioned) or you could edit your hosts file to map a different URL with a TLD to the address 127.0.0.1 such as:

yoursite.tld   127.0.0.1

Just researched this further; found this answer: Cookies on localhost with explicit domain