4

I want to control authentication with cookies, and in my browser it works successfully. But when I tried to test with Postman, Postman doesn't add the cookie to the new request.

  1. step - I log in and the response header looks like this:

[image]

But the response cookies tab looks like this:

[image]

And the manage cookies window looks like this:

[image]

  2. step - I send a request to an unprotected router and I get an unauthorized error.

This error started today. I don't remember making any changes to the settings. Why am I getting this type of error? How can I solve this?

akasaa

4 Answers

3

I also had this problem. The fix is to remove the secure flag in the cookie when sending cookies from localhost, as cookies set as secure can only be sent over HTTPS.

1

I had this issue when testing a local Laravel Sanctum request to /login.

I had the following .env values set:

SESSION_DOMAIN=docker-api-service-name
SANCTUM_STATEFUL_DOMAINS=docker-api-service-name

However, these needed to be set to localhost to match the domain of the APP_URL. After this, everything was working fine.

SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost

Novocaine

0

Someone mentioned that setting the secure flag to false will solve it, and it will. The explanation however was not entirely correct.

Secure will indeed only work over secure connections (HTTPS). However, it will also work over HTTP if it's done in localhost: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies

Eric Aya
metinmayi
0

Set up your domain name inside the .env file.

If you are on localhost, add the below:

SESSION_DOMAIN=localhost

For a custom domain (my domain name is qa_app.test):

SESSION_DOMAIN=qa_app.test

Note: if you are sending a request with Postman to an authenticated route where you are using Sanctum or Passport middleware, you need to pass the Referer.

Referer=localhost

It's identical for localhost or a custom domain; in both conditions you need to pass localhost in the Referer.

When you are in the web browser you don't need to pass the Referer; it will be passed by the web browser.

Hadayat Niazi
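
As an added example (not code from any of the answers, and not Postman's or a browser's implementation), this simplified model of the RFC 6265 send-time checks shows how the Secure flag and a mismatched cookie domain each keep a session cookie off a request to http://localhost. The cookie object shape, the `localhostIsSecure` option and port 8000 are assumptions made for the example.

```javascript
// Simplified model of two RFC 6265 checks a client makes before attaching a
// stored cookie to a request. Path and expiry checks are omitted.

// RFC 6265 section 5.1.3: the host equals the cookie domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// cookie: { name, domain, hostOnly, secure } (constructed shape for this example).
// opts.localhostIsSecure (assumed option name) models a client that accepts
// http://localhost as a secure channel for Secure cookies.
function cookieDecision(cookie, requestUrl, opts = {}) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  const domainOk = cookie.hostOnly
    ? host === cookie.domain.toLowerCase()
    : domainMatches(host, cookie.domain);
  if (!domainOk) return { send: false, reason: "domain-mismatch" };

  const isLocalhost = host === "localhost" || host.endsWith(".localhost");
  const secureChannel =
    url.protocol === "https:" || Boolean(opts.localhostIsSecure && isLocalhost);
  if (cookie.secure && !secureChannel) {
    return { send: false, reason: "secure-cookie-on-http" };
  }
  return { send: true, reason: "ok" };
}

// Constructed sample data: a local API on port 8000 and three session cookies.
const LOCAL_API = "http://localhost:8000/api/user";
const secureCookie = { name: "session", domain: "localhost", hostOnly: true, secure: true };
const plainCookie = { ...secureCookie, secure: false };
const wrongDomain = { name: "session", domain: "docker-api-service-name", hostOnly: false, secure: false };

function demo() {
  return {
    strictClient: cookieDecision(secureCookie, LOCAL_API),
    localhostTrusted: cookieDecision(secureCookie, LOCAL_API, { localhostIsSecure: true }),
    secureRemoved: cookieDecision(plainCookie, LOCAL_API),
    domainMismatch: cookieDecision(wrongDomain, LOCAL_API),
    overHttps: cookieDecision(secureCookie, "https://localhost:8000/api/user"),
  };
}

console.log(demo());
```

The same domain-match rule is applied when a cookie is stored, so a cookie whose Domain does not match the host that answered is dropped before it ever reaches the jar.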