I have a Quart (basically Flask) web app that is doing OAuth2 with Discord. It seems to be working in the cloud, but locally the Set-Cookie header that appears in the HTTP response after Discord authorizes the user is being IGNORED by the browser.

There is an HTTP response with Set-Cookie. The next request is the callback URI and it has a different session cookie! This is a serious problem and I'm completely stumped. It only seems to be happening on localhost? I've read some about browsers ignoring Set-Cookie, but I have no domain in the Set-Cookie field and my path is "/".

Response from Discord:
session=<cookie_A>; Expires=Thu, 08-Oct-2020 19:22:57 GMT; HttpOnly; Path=/

Request for callback URL:
session=<cookie_B>
bravosierra99
  • Could you share the Set-Cookie header in both cases (save for the sensitive value)? Without it I don't think I can help. – pgjones Sep 09 '20 at 21:15
  • Hey, I should have answered. But my issue was using 127.0.0.1 in my browser and then having the Discord callback URI be localhost; browser cookies treat that as two separate domains... – bravosierra99 Sep 09 '20 at 21:17
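
The host mismatch described in the last comment can be reproduced offline with Python's standard `http.cookiejar`, which applies the same host-only matching to a cookie that has no Domain attribute. This is an added example, not code from the original post; the URLs, port, paths and cookie value are constructed assumptions, and the cookie jar stands in for the browser.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed header, modelled on the one in the question (no Domain attribute).
SET_COOKIE = "session=cookieA; HttpOnly; Path=/"


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls .info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_to(login_url, callback_url, set_cookie=SET_COOKIE):
    """Return the Cookie header a client would send to callback_url after
    login_url set the cookie, or None if nothing would be sent."""
    jar = CookieJar()
    # The cookie is stored against the host of the URL that set it.
    jar.extract_cookies(FakeResponse(set_cookie), Request(login_url))
    callback = Request(callback_url)
    # Only cookies whose stored host matches the callback host are attached.
    jar.add_cookie_header(callback)
    return callback.get_header("Cookie")


if __name__ == "__main__":
    # Hypothetical local URLs; port and paths are assumptions.
    cases = [
        ("http://127.0.0.1:5000/login", "http://localhost:5000/callback"),
        ("http://localhost:5000/login", "http://localhost:5000/callback"),
    ]
    for login, callback in cases:
        print(f"{login} -> {callback}: {cookie_sent_to(login, callback)!r}")
```

Because the session cookie never reaches the callback, the app sees a fresh session there, so the host typed into the browser and the host in the registered redirect URI need to be the same string.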

0 Answers