c
cookies
@rp_st
Let's say I'm trying to access the cookies on myapp.vercel.app, but the cookies were issued by api.myapp.info
r
Right. You can’t
c
The cookies have the attributes secure=true, samesite=none, domain=myapp.info
Can myapp.vercel.app use the cookies?
r
It can’t. Browser won’t allow that.
Cookies can only be shared if the domain is the same or the subdomain part is different.
If the entire domain is different, cookies won’t be shared
c
Yep, but in the DM you said if samesite=none they can be shared?
r
Well, shared as in the cookies will get sent when the api call is made
But the other domain can’t read the cookies. Or if you query the other domain, the cookies won’t be sent to that one
c
little confused
do you mind rephrasing "domain" and "other domain" with myapp.vercel.app and api.myapp.info?
r
Domain is myapp one
c
@rp_st Do you think my understanding is accurate?
In short: samesite determines if the cookies are sent from the server to the browser, and domain determines if the cookies are sent from the browser to the server
r
No. SameSite determines if the cookies are sent from the browser to the server if the browser and server domain are of different origins
c
I see I see. Thanks!