I am building an Angular application and I am using ngx-cookie-service
to manipulate the cookies.
When I run on my local machine, the cookies are set just fine.
When I run on my test server and access it via localhost, it also works just fine.
eg: http://localhost:<port_number>
But if I try to access it on the test server from another machine using the ip address (http://<server_ip>:<port_number>
), the application works but the cookie is not there and there is no message, error or warning, about what is happening.
I searched other answers but couldn't find a clue. I also fiddled with the setting for Same-Site = 'Lax' or 'None'
and Domain
but it didn't change things.
Here is a sample of what I am doing
constructor(private cookieService: CookieService) { }
this.cookieService.set("cookieName", "value", null, "/", null, true);
What am I doing wrong?
Edit:
I discovered that if I set the cookie with secure=false
and sameSite="Lax"
, it does set:
If I set secure=true
and SameSite="Lax"
, it does not set:
I need the secure to be true as a security requirement, so I cannot leave it like that.
This cookie is not being sent from the back-end, the front-end is creating it to store some info.
Does anyone know why it sets in without secure?
I managed to find a way for the cookie to appear.
Installing a certificate on the server, when the website is called with the
https
protocol, the cookie appears.I couldn't find anywhere were it said that cookies with Secure set were not created over plain
http
but it does make sense, when you think about it.