bendotcodes/cookies

Setting `domain` on cookie prevents it from being read

jaredculp opened this issue · 4 comments

I am trying to set the domain property so that a cookie can be used on all subdomains; however, doing so seems to prevent `useCookies` from reading the cookie.

```jsx
import React from 'react';
import { render, screen } from '@testing-library/react';
import { CookiesProvider, useCookies } from 'react-cookie';

const CookieWriter = () => {
  const [, setCookie] = useCookies(['cookie-key']);
  const options = {
    path: '/',

    // uncomment to make test fail
    //domain: '.example.com'
  };
  setCookie('cookie-key', 'cookie-value', options);

  return <div></div>;
};

const CookieReader = () => {
  const [cookies] = useCookies(['cookie-key']);

  return <div>{cookies['cookie-key']}</div>;
};

describe('', () => {
  test('', async () => {
    render(
      <React.Fragment>
        <CookiesProvider>
          <CookieWriter />
          <CookieReader />
        </CookiesProvider>
      </React.Fragment>,
    );

    expect(screen.getByText('cookie-value')).toBeInTheDocument();
  });
});
```

Unsurprisingly looks like the same issue is in universal-cookie:

```jsx
import React from 'react';
import { render, screen } from '@testing-library/react';
import Cookies from 'universal-cookie';

const CookieWriter = ({cookies}) => {
  const options = {
    path: '/',

    // uncomment to make test fail
    //domain: '.example.com'
  };
  cookies.set('cookie-key', 'cookie-value', options);

  return <div></div>;
};

const CookieReader = ({cookies}) => {
  return <div>{cookies.get('cookie-key')}</div>;
};

describe('', () => {
  test('', async () => {
    const cookies = new Cookies();
    render(
      <React.Fragment>
        <CookieWriter cookies={cookies}/>
        <CookieReader cookies={cookies}/>
      </React.Fragment>,
    );

    expect(screen.getByText('cookie-value')).toBeInTheDocument();
  });
});
```

We have the same problem. When specifying the domain, the cookies won't show up anywhere.

Hi @codeofsumit, did you find any old version that works?

@jaredculp or @codeofsumit also looking to see if either of you found a solution.

Update: This is due to a security issue where creating cookies for external domains will never work (you would need to do it through a server-side method in order for it to work).

Cookies you create only work on the domain (or subdomain) of where you are generating/creating the cookie:

  • creating cookies from mydomainhere.com will work across that domain only, and if you want to specify subdomains, that works too (i.e. portals.customPage.mydomainhere.com).

However, if you want to go from mydomain.com to github.com, that will not work.

More:

  • https://javascript.info/cookie#domain
    • TL;DR from link above:
      • There’s no way to let a cookie be accessible from another 2nd-level domain, so other.com will never receive a cookie set at site.com. It’s a safety restriction, to allow us to store sensitive data in cookies that should be available only on one site.
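
The restriction described in the last comment corresponds to the Domain check a browser applies before storing a cookie (RFC 6265, sections 5.1.3 and 5.3). The sketch below is an added example, not code from react-cookie or universal-cookie: `evaluateCookieDomain`, the sample public-suffix set and the `localhost` page host are assumptions made for illustration.

```javascript
// Added example: simplified storage-time Domain check from RFC 6265.
// SAMPLE_PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
const SAMPLE_PUBLIC_SUFFIXES = new Set(['com', 'co.uk', 'github.io']);

const isIpAddress = (host) =>
  /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');

// Section 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatches(host, domain) {
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith('.' + domain);
}

// Decide what happens to a cookie set by a page on `pageHost` with the given
// Domain attribute (undefined when the attribute is omitted).
function evaluateCookieDomain(pageHost, domainAttr) {
  const host = pageHost.toLowerCase();
  if (!domainAttr) {
    return { stored: true, hostOnly: true, domain: host };
  }
  // A leading dot is ignored; comparison is case-insensitive.
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  if (SAMPLE_PUBLIC_SUFFIXES.has(domain)) {
    // Public suffix: host-only if the page is that exact host, else dropped.
    return host === domain
      ? { stored: true, hostOnly: true, domain: host }
      : { stored: false, reason: 'Domain is a public suffix' };
  }
  if (!domainMatches(host, domain)) {
    return { stored: false, reason: 'page host does not domain-match Domain' };
  }
  // Stored for `domain` itself and every subdomain of it.
  return { stored: true, hostOnly: false, domain };
}

// Constructed sample cases; 'localhost' as the test page host is an assumption.
const cases = [
  ['localhost', '.example.com'],     // the failing option from the issue
  ['app.example.com', '.example.com'],
  ['app.example.com', undefined],
  ['mydomain.com', 'github.com'],
  ['app.example.com', 'com'],
];
for (const [host, domain] of cases) {
  console.log(host, domain, JSON.stringify(evaluateCookieDomain(host, domain)));
}
```

A cookie that fails this check is silently discarded, so a later read returns nothing rather than raising an error.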