Chrome localhost cookie not being set

I have an ASP.net application that uses a cookie to store the user selected language. Everything works fine except when I'm on localhost. Replacing localhost by 127.0.0.1 makes it work again... why?

I saw intended restrictions to file:// but I can't actually find any reference to intended restriction to localhost.

What I can't really understand is why the ASP.net Session (ASP.NET_SessionId) and ASP.net Forms Authentication Cookies (.FSAUTHSSO) are correctly set for the localhost domain but my cookies aren't... why?!

I already googled a lot and nothing works:

• Setting the Chrome command line flag --enable-file-cookies [DOES NOT WORK]
• Setting the cookie to HttpOnly [DOESN'T MATTER]
• Changing Expiration to Session or to a Date... [DOESN'T MATTER]
• Changing the Cookie Path to Root (/) or to anything else [DOESN'T MATTER]

So what does matter? :)

And why can the ASP.net cookies be set and mine don't? What's the difference?

Last thing just to mention that this also happens on IE but works fine on FF.

Thanks!

Alex

Cookies are designed for second level and down. First level domains will not work. Instead you should use the address http://127.0.0.1 (as you mentioned) or you could edit your hosts file to map a different URL with a TLD to the address 127.0.0.1 such as:

yoursite.tld   127.0.0.1

Just researched this further; found this answer: https://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain

please try to put cookie.Domain = null on localhost and use the domain name otherwise.

This was driving me nuts for hours! Then I realized:

1. I recently used HTTPS://localhost and set a cookie with the same name.

2. That was the reason HTTP://localhost was unable to set the cookie

3. So I went to https, cleared the cookies in the "application" tab in devtools and it started working with http again

I fixed my problem by going to chrome://flags/ then search for cookies. Set the following 3 flags to disabled...

• SameSite by default cookies
• Enable removing SameSite=None cookies
• Cookies without SameSite must be secure

Good news. Setting cookies on localhost is now possible on Chrome starting Canary build: https://code.google.com/p/chromium/issues/detail?id=551906

I just had the same issue in Chrome. I had cookie.Secure = true. Getting rid of that for localhost fixed the issue for me.

(Had the exact same issue, FWIW: worked in FF, not IE or Chrome)

I know this might be silly but it just happened to me where I took over an asp.net mvc application where I could not get them to work locally. Finally, another developer pointed to an entry in the web.config that had been added recently.

<httpCookies httpOnlyCookies="true" requireSSL="true" />

Setting the requireSSL to "false" locally. Remember to apply the transformations through the environments. I hope this helps.

There is an issue on Chromium open since 2011, that if you are explicitly setting the domain as 'localhost', you should set it as false to it work or use set the domain as 127.0.0.1.

I had an issue on chrome where a cookie with an expiration of 2 weeks in the future was not being set - this happened to be the auth cookie (.AspNet.ApplicationCookie) so I was continually being redirected back to the login page. This issue did not occur in other browsers I tried.

I ended up experimenting with custom cookies to determine that chrome thought the current date was earlier than it actually was - so for example I put in a cookie that expired in 1 year today (2-Apr-2017) and actually chrome set this cookie to expire 1-Jan-2017! This would then explain why a cookie with a 2 week expiry was already considered expired as chrome was lopping off 3 mths of the actual expiry and thus considered it already expired.

Chrome reboot didnt fix this - I rebooted the PC at this stage and this 'fixed' the bug. Also I should note this only occurred for localhost - seemingly every other site was ok.

For my situation, I was running an asp.net core razor pages app using iisexpress (localhost:####) and I ran into this issue with Chrome. My fix was to make sure the iisSettings in the Properties\launchSettings.json has number other than 0 for sslPort (44344). With the sslPort set to 0, iisexpress will not run will ssl. Changing it 44344 then runs the app using ssl in iisexpress. Alternative, going the project properties in Visual Studio and the Debug tab to Enable SSL will do this same change to launchsettings.json For example

"iisSettings": {
  "windowsAuthentication": false,
  "anonymousAuthentication": true,
  "iisExpress": {
    "applicationUrl": "http://localhost:29025/",
    "sslPort": 44344
  }
},

To Run this in your local machine with Chrome browser >=79 please follow below steps. I fixed my problem by going to chrome://flags/ then search for cookies. Set the following 3 flags to disabled...

SameSite by default cookies Enable removing SameSite=None cookies Cookies without SameSite must be secure

Go to - chrome://flags Just disable this 3 option. Must it works.

Just use Mozilla - it works like a charm. No issues - no additional settings needed.