I have a quart (basically flask) web-app that is doing OAuth2 with discord. It seems to be working in the cloud, but locally the set-cookie header that appears in the http response after discord authorizes the user is being IGNORED by the browser.
there is an HTTP response with set-cookie. the next request is the callback uri and it has a different session cookie! This is a serious problem and I'm completely stumped. It only seems to be happening on local host? I've read some about browsers ignoring set-cookie, but I have no domain in the set-cookie field and my path is "/"
Response from discord
session=<cookie_A>; Expires=Thu, 08-Oct-2020 19:22:57 GMT; HttpOnly; Path=/
request for callback url
session=<cookie_B>