cookies
# support-questions-legacyc
chunkygoo.
10/03/2022, 5:14 PMcookies
chunkygoo.
10/03/2022, 5:15 PM@rp_st
chunkygoo.
10/03/2022, 5:16 PMlets say Im trying to access the cookies on myapp.vercel.app, but the cookies were issued by api.myapp.info
r
rp_st
10/03/2022, 5:16 PMRight. You can’t
c
chunkygoo.
10/03/2022, 5:16 PMThe cookies have the attributes secure=true, samesite=none, domain=myapp.info
chunkygoo.
10/03/2022, 5:16 PMCan myapp.vercel.app use the cookies?
r
rp_st
10/03/2022, 5:17 PMIt can’t. Browser won’t allow that.
rp_st
10/03/2022, 5:17 PMCookies can only be shared if the domain is the same or the sub domain part is different.
rp_st
10/03/2022, 5:17 PMIf the entire domain is different, cookies won’t be shared
c
chunkygoo.
10/03/2022, 5:18 PMYeap but in the dm you said if samesite=none they can be shared?
r
rp_st
10/03/2022, 5:18 PMWell, shared as in the cookies will get sent when the api call is made
rp_st
10/03/2022, 5:18 PMBut the other domain can’t read the cookies. Or if you query the other domain, the cookies won’t be sent to that one
c
chunkygoo.
10/03/2022, 5:19 PMlittle confused
chunkygoo.
10/03/2022, 5:19 PMdo you mind rephrasing "domain" and "other domain" with myapp.vercel.app and api.myapp.info?
r
rp_st
10/03/2022, 5:21 PMDomain is myapp one
c
chunkygoo.
10/03/2022, 9:16 PMchunkygoo.
10/03/2022, 9:16 PM@rp_st Do you think my understanding is accurate?
chunkygoo.
10/03/2022, 9:17 PMIn short: samesite determines if the cookies are sent from the server to the browser, and domain determines if the cookies are sent from the browser to the server
r
rp_st
10/04/2022, 3:09 AMNo. SameSite determines if the cookies are sent from the browser to the server if the browser and server domain are of different origins
c
chunkygoo.
10/04/2022, 5:00 AMI see I see. Thanks!