On Safari, cookies are not saved when sent with redirect

Posted by 前提是你 on 2020-06-15 11:24:58

Question


I have implemented an OAuth2 client, in which the first step is to send a user to the relevant 3rd party (Facebook for this example). I set them a state cookie, and when they return from Facebook I validate that state cookie.

In Chrome, everything is great. When I send the user to the redirect URL, I can see (using inspect element) that they have the state cookie I set. However, when I try on (desktop) Safari on the latest macOS, I don't see that cookie.

I set the cookie in the response for my redirect request:

res.cookie('state', state.toString(), {
  maxAge: 3600000,
  secure: true,
  httpOnly: true,
});
res.redirect(someRedirectUri);

How can I get those cookies to be saved on Safari as well? Am I just setting the cookies wrong?


Answer 1:


I think you've found a known WebKit issue.

So Safari is ignoring the Set-Cookie header when encountering the 302 HTTP status.
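
Assuming the behaviour the answer describes (Set-Cookie dropped on a 302), one way to avoid depending on it is to set the state cookie on a 200 response whose body performs the navigation, then compare cookie and returned state on the callback. This is an added example, not code from the question or the answer; the function names are hypothetical, and SameSite=Lax and Path=/ are additions to the question's cookie attributes.

```javascript
// Added example, not from the original post. Function names are hypothetical.
const nodeCrypto = require('node:crypto');

// Random, unguessable state value for the OAuth2 authorization request.
function newState() {
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Same attributes as the question's res.cookie() call (maxAge 3600000 ms = 3600 s),
// plus SameSite=Lax, which is still sent on the top-level GET back from the provider.
function stateCookie(state) {
  return `state=${state}; Max-Age=3600; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Encode characters that could break out of an HTML attribute value.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Send the cookie on a 200 response whose body performs the navigation,
// so the Set-Cookie header is never attached to a 3xx response.
// `res` is a Node http.ServerResponse (an Express response also works).
function sendStateThenNavigate(res, authorizeUrl) {
  const state = newState();
  const url = new URL(authorizeUrl);
  url.searchParams.set('state', state);
  const href = escapeHtml(url.toString());
  res.writeHead(200, {
    'Set-Cookie': stateCookie(state),
    'Content-Type': 'text/html; charset=utf-8',
    'Cache-Control': 'no-store',
  });
  res.end(`<!doctype html><meta http-equiv="refresh" content="0;url=${href}">` +
          `<a href="${href}">Continue</a>`);
  return state;
}

// On the callback: compare the cookie value with the returned state in constant time.
function stateMatches(cookieHeader, returnedState) {
  const m = /(?:^|;\s*)state=([^;]*)/.exec(cookieHeader || '');
  if (!m || typeof returnedState !== 'string') return false;
  const a = Buffer.from(m[1]);
  const b = Buffer.from(returnedState);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}
```

A callback handler would reject the request whenever `stateMatches(req.headers.cookie, req.query.state)` is false, which also covers the case where the browser never stored the cookie.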



Source: https://stackoverflow.com/questions/57026956/on-safari-cookies-are-not-saved-when-sent-with-redirect
