How do I fix the warning "Cookie 'cookie_name' will be rejected soon ..." that I get after deleting the cookie?
Firefox throws the following warning after deleting a valid cookie:
Cookie “cookie_name” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Scenario
After a valid login I send a cookie to the frontend. This cookie can be used during my session without any problems or warning. The development console also shows me the expected values: SameSite: "Strict" and Secure: true.
During the logout process the set cookie is removed by setting max-age=0 or expire=<date_in_past>. The browser deletes the cookie immediately as expected but I also get the warning mentioned above. It doesn't matter if I remove the cookie in the backend or frontend - the message will always be shown.
Code
Set Cookie - Backend (django):
class Login():
def post(self, request):
...
response = Response(status=status.HTTP_200_OK, ...)
response.set_cookie("cookie_name", value, max_age=60*60*5, secure=True, httponly=False, samesite='strict')
return response
Remove Cookie - Frontend: (preferred way for this cookie in my scenario so far)
function removeItem(key, path, domain) {
...
document.cookie =
encodeURIComponent(key) +
// "=; expires=Thu, 01 Jan 1970 00:00:00 GMT" +
"=; max-age=0" +
(domain ? "; domain=" + domain : "") +
(path ? "; path=" + path : "");
return true;
},
}
Remove Cookie - Backend (django): (listed just for completeness; results in same warning)
class Logout():
def post(self, request):
...
response = Response(status=status.HTTP_200_OK, ...)
response.delete_cookie("cookie_name")
return response
Is there a better way to remove cookies that doesn't result in the warning?
What you need to do is to add the samesite/secure cookie attributes when you set the cookie, otherwise, it might be rejected by the browser.
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging cookie problems
- Setting showPrintMargin to false not working in React Ace Editor
- Animate toggle height from 0 to auto or 100%
- Conditional Logpoint in Chrome Devtools
- How can I conditionally render a React component if a sessionStorage variable does not exist in Next.js?
- How to set root directory for resolving absolute paths in esbuild?
- Concatenate two JSON objects
- Photoshop Scripting (JS): Duplicate layer set and subs
- Debugging Electron renderer process with VSCode
- I don't understand this javascript function call and where it would be used
- How to programmatically Download a file from Google Drive, using Javascript and HTML? (NOT Google Drive API)
- React Native const vs let vs var in Functional Components
- How to disable time from now with time picker antd
- Why does this function mutate innerHTML of a div element and extract its first child to parse HTML if you can just use jQuery to do the same?
- How can I pause setInterval() functions?
- How to remove spaces from a string using JavaScript?
- Add CSS3 transition expand/collapse
- Remove content of p tag
- How to detect CSS3 resize events
- How to extend an existing JavaScript array with another array, without creating a new array
- Attaching click event handlers in Astro pages
- var express = require('express'); var app = express(), What is express()?? is it a method or a constructor? Where does it come from
- How to set volume of audio object?
- Is it possible to add a new element to top of Map?
- How do I remove a property from a JavaScript object?
- Can't Add Ajax Pagination in ASP NET CORE
- No extra Boolean cast in JavaScript
- Why we have to add an 'async' declaration word to the javascript function which call a sync javascript function?
- Better way to filter an array of objects with one constant and one always changing value
- Generate A Weighted Random Number
- Code on scroll event is not executing if window is zoomed in/out in chrome