Start building
Star on GitHub 47K Start building
Back

Cookie rejected because it has the attribute "SameSite=None" but not "Secure"

  • 0
  • Self Hosted
  • Auth
  • Web
View on Discord
Lexy
31 Mar, 2025, 13:06

I have a dev website (dev.domain.com) and appwrite as a subdomain (api.dev.domain.com), but no cookies are saved in the browser when logging in using the web sdk.

The console logs Cookie "a_session_X" was rejected because it has the attribute "SameSite=None" but is missing the attribute "secure".
How do I get it to set the secure cookie?

I have _APP_OPTIONS_FORCE_HTTPS=false in the .env file as Nginx is used in front with its own SSL certificate.

TL;DR
The cookies are not being saved due to the attribute "SameSite=None" without the "Secure" attribute. Add the line `proxy_cookie_path / "/; SameSite=Strict; HTTPOnly; Secure";` to Nginx to set all proxied cookies to secure. This should resolve the issue.
Lexy
31 Mar, 2025, 13:21

Adding this line to Nginx solved the problem: proxy_cookie_path / "/; SameSite=Strict; HTTPOnly; Secure"; (sets all proxied cookies to secure)

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more