Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
c
Chunkygoo
10/03/2022, 5:14 PMcookies
@rp
lets say Im trying to access the cookies on myapp.vercel.app, but the cookies were issued by api.myapp.info
r
rp
10/03/2022, 5:16 PMRight. You can’t
c
Chunkygoo
10/03/2022, 5:16 PMThe cookies have the attributes secure=true, samesite=none, domain=myapp.info
Can myapp.vercel.app use the cookies?
r
rp
10/03/2022, 5:17 PMIt can’t. Browser won’t allow that.
Cookies can only be shared if the domain is the same or the sub domain part is different.
If the entire domain is different, cookies won’t be shared
c
Chunkygoo
10/03/2022, 5:18 PMYeap but in the dm you said if samesite=none they can be shared?
r
rp
10/03/2022, 5:18 PMWell, shared as in the cookies will get sent when the api call is made
But the other domain can’t read the cookies. Or if you query the other domain, the cookies won’t be sent to that one
c
Chunkygoo
10/03/2022, 5:19 PMlittle confused
do you mind rephrasing "domain" and "other domain" with myapp.vercel.app and api.myapp.info?
r
rp
10/03/2022, 5:21 PMDomain is myapp one
c
Chunkygoo
10/03/2022, 9:16 PM@rp Do you think my understanding is accurate?
In short: samesite determines if the cookies are sent from the server to the browser, and domain determines if the cookies are sent from the browser to the server
r
rp
10/04/2022, 3:09 AMNo. SameSite determines if the cookies are sent from the browser to the server if the browser and server domain are of different origins
c
Chunkygoo
10/04/2022, 5:00 AMI see I see. Thanks!