Skip to content

Cookie not being set in Safari

I was surprised when a login workflow I implemented worked in all browsers except Safari.

Turns out Safari doesn’t allow setting the secure property on a cookie on localhost.

So I had to remove this cookie property, and things worked again.

From MDN:

A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol. It’s never sent with unsecured HTTP (except on localhost), which means man-in-the-middle attackers can’t access it easily. Insecure sites (with http: in the URL) can’t set cookies with the Secure attribute.

Also from MDN:

Insecure sites (http:) cannot set cookies with the Secure attribute (since Chrome 52 and Firefox 52). The https: requirements are ignored when the Secure attribute is set by localhost (since Chrome 89 and Firefox 75).

Not sure if this is how things should work and Chrome and Firefox allow this to make our life simpler, or it’s a Safari bug, but that’s how it is.

Written on Dec 20, 2023

I wrote 21 books to help you become a better developer:

HTML Handbook
Next.js Pages Router Handbook
Alpine.js Handbook
HTMX Handbook
TypeScript Handbook
React Handbook
SQL Handbook
Git Cheat Sheet
Laravel Handbook
Express Handbook
Swift Handbook
Go Handbook
PHP Handbook
Python Handbook
Linux Commands Handbook
C Handbook
JavaScript Handbook
Svelte Handbook
CSS Handbook
Node.js Handbook
Vue Handbook

...download them all now!

Related posts that talk about platform:

Generating UUIDs in JavaScript with window.crypto.randomUUID()

Sep 18, 2024
Unregister service workers in Safari

Mar 31, 2024
Had an issue with bfcache

Jan 4, 2024
How to implement file upload with drag and drop in vanilla JS

Dec 21, 2023
Cookie not being set in Safari

Dec 20, 2023
What to do if WebRTC on iOS shows a black box

Jul 22, 2022
How to use the FormData object

Jun 5, 2022
How to set the fragment part of a URL

May 2, 2022
How to get the fragment part of a URL

May 1, 2022
How to make an hr invisible

Nov 11, 2021
How to use Google Fonts

Jul 4, 2020
How to reset a form

Jun 30, 2020
How to add an image to the DOM using JavaScript

May 21, 2020
Safari, warn before quitting

May 5, 2020
How to use insertAdjacentHTML

May 3, 2020
How to remove all CSS from a page at once

Apr 12, 2020
How to get query string values in JavaScript with URLSearchParams

Mar 14, 2020
How to make a page editable in the browser

Dec 13, 2019
How to disable a button using JavaScript

Sep 16, 2019
How to copy to the clipboard using JavaScript

Sep 15, 2019
How to check if a checkbox is checked using JavaScript?

Sep 8, 2019
How to create an HTML attribute using vanilla Javascript

Aug 30, 2019
How to remove all children from a DOM element

Aug 28, 2019
Touch events

Aug 27, 2019
Mouse events

Aug 23, 2019
Keyboard events

Aug 19, 2019
Handling forms in JavaScript

Aug 14, 2019
How to work with scrolling on Web Pages

Aug 13, 2019
Web Components Custom Elements

Aug 12, 2019
How to use the Drag and Drop API

Aug 9, 2019
How to use getUserMedia()

Aug 4, 2019
How to use the Geolocation API

Jul 31, 2019
The Navigator Object

Jul 16, 2019
The Streams API

Jul 5, 2019
The BroadcastChannel API

May 23, 2019
The DataView Object

May 17, 2019
Typed Arrays

May 16, 2019
The URL Object

May 14, 2019
ArrayBufferView

May 12, 2019
ArrayBuffer

May 12, 2019
The FileList Object

May 11, 2019
The FileReader Object

May 7, 2019
The File Object

May 6, 2019
The Blob Object

Apr 27, 2019
Why use a preview version of a browser?

Feb 5, 2019
How to only accept images in an input file field

Dec 18, 2018
How to replace a DOM element

Dec 2, 2018
How to get the scroll position of an element in JavaScript

Dec 1, 2018
WebRTC, the Real Time Web API

Nov 18, 2018
Add click event to DOM elements returned from querySelectorAll

Oct 24, 2018
How to change a DOM node value

Oct 23, 2018
How to check if a DOM element has a class

Oct 22, 2018
How to remove a class from a DOM element

Oct 21, 2018
How to loop over DOM elements from querySelectorAll

Oct 19, 2018
How to add a class to a DOM element

Oct 18, 2018
How to wait for the DOM ready event in plain JavaScript

Oct 17, 2018
The Speech Synthesis API

May 15, 2018
Working with the DevTools Console and the Console API

Apr 27, 2018
What is the Doctype

Apr 20, 2018
The requestAnimationFrame() guide

Apr 17, 2018
Web Workers

Apr 16, 2018
CORS, Cross-Origin Resource Sharing

Apr 9, 2018
Roadmap to learn the Web Platform

Apr 8, 2018
What are Data URLs

Apr 7, 2018
An in-depth SVG tutorial

Apr 6, 2018
XMLHttpRequest (XHR)

Apr 5, 2018
The WebP Image Format

Apr 3, 2018
The History API

Apr 2, 2018
Learn how HTTP Cookies work

Mar 30, 2018
The Web Storage API: local storage and session storage

Mar 29, 2018
The Document Object Model (DOM)

Mar 26, 2018
Efficiently load JavaScript with defer and async

Mar 24, 2018
The Selectors API: querySelector and querySelectorAll

Mar 13, 2018
Dive into IndexedDB

Feb 28, 2018
The Notification API Guide

Feb 22, 2018
The Cache API Guide

Feb 20, 2018
Service Workers Tutorial

Feb 17, 2018
The Channel Messaging API

Feb 7, 2018
The Push API Guide

Feb 3, 2018
The Fetch API

Feb 2, 2018
The Complete Guide to Progressive Web Apps

Jan 25, 2018
How I made a CMS-based website work offline

Oct 25, 2017
Some useful tricks available in HTML5

May 14, 2013