Third-party cookie not set on Ajax request

Question

When visiting foo.com the response of an Ajax GET request to bar.co.at includes this response header:

Set-Cookie: PHPSESSID=i39mm1u7jh4tr7pmebue1k7abc;
            expires=Thu, 19-Nov-2020 20:34:40 GMT; 
            Max-Age=3600;
            path=/;
            domain=.bar.co.at;
            secure;
            HttpOnly;
            SameSite=none

A subsequent Ajax POST request to bar.co.at does not include any cookie header. But I need this header for having a session on bar.co.at.

Maybe that could be related to CORS somehow, or maybe to the cookie name PHPSESSID?

(It's the same on Firefox and Chrome 86.0.4240.111)

score 1 · Accepted Answer · answered Feb 25 '21 at 12:07

1

Seems like it is Third Party Anti Tracking (TPT) policy. So from this time, browser will not send cookies to third party domains from your domain.

https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/

Some options to how you can resolve it you can find here : https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/

answered Feb 25 '21 at 12:07

Nigrimmist

10,289
4
52
53

I could not test anymore if this is the correct answer but I guess it is so I accepted it. thank you! – Michael Käfer Aug 11 '21 at 14:51

Third-party cookie not set on Ajax request

1 Answers1