7 Keys to the Mystery of a Missing Cookie
One day my colleague reported he couldn’t access a certain website. On every attempt he had been redirected back to the login page. I browsed to that website and surprisingly everything was working fine for me.
We checked our browsers and found out that we both are using the same version of the Chrome. What went wrong was that in his case session cookie was not passed along the request to the backend service and the backend replied with http status code 401 — Unauthorized.
There are a couple of reasons why the browser would not attach a cookie to the request even if we are expecting it to do so. This incident and it’s troubleshooting inspired me to sum them up here. What caused my colleague’s issue is marked as 1. in this blog. Before we proceed to it let’s start by hitting F12 and opening the developer console to see what cookies and their properties we have set.
Path: if / the cookies will be sent for all paths
HttpOnly: if true, the cookie cannot be accessed from within the client-side javascript code.
Secure: cookie has to be sent over HTTPS
