On Safari, cookies are not saved when sent with redirect


I have implemented an OAuth2 client, in which the first step is to send a user to the relevant 3rd party (facebook for this example), I set them a state cookie, and when they return from facebook I validate that state cookie.

In Chrome, everything is great. When I send the user to the redirect URL, I can see (using inspect element) that they have the state cookie I set. However, when I try on (desktop) safari on latest MacOS, I don't see that cookie.

I set the cookie in the response for my redirect request:

res.cookie('state', state.toString(), { maxAge: 3600000, secure: true, httpOnly: true, }); res.redirect(someRedirectUri);

How can I get those cookies to be saved on Safari as well? Am I just setting the cookies wrong?


I think you've found known WebKit issue.

So safari is ignoring the Set-Cookie header when encountering the 302 HTTP status



  • What is the philosophy behind “functional programming” when you actually want to create a side effec
  • libgdx TextureRegion to Pixmap
  • How to debug a Windows DLL used inside Python?
  • Java regex - get specific part of string
  • Always use my; never use local?
  • React Proxy error: Could not proxy request /api/ from localhost:3000 to http://localhost:8000 (ECONN
  • matplotlib equivalent for MATLABs truesize()
  • Require.js loosing url context
  • Eval Base64 virus Wordpress [duplicate]
  • Number of Hours Between Two Dates Not Working in Excel
  • How to serialize/deserialize in both JSON and XML format in Java?
  • select multiple elements with group by in spark.sql
  • Update statement in MySQL using C#
  • python: Using ncurses when underlying library logs to stdout
  • Ellipsis directive with title
  • How to add tag during runtime in C#
  • Move UIView per UIBezierPath [closed]
  • DocuSign API Replace template document but keep fields
  • How to use CoreFoundation in QuickTime SDK for Windows?
  • Firebase suddenly reports invalid signature
  • Hyperlink to Outlook Attachment
  • Align microsoft access queries
  • didSelectItemAtIndexPath of UICollectionView inside of a UIScrollView is not getting called
  • Creating Dictionaries from Lists inside of Dictionaries
  • Scripting Support For Image Filtering in DigitalMicrograph
  • Checking for valid enum types from protobufs
  • content must have a ListView whose id attribute is 'android.R.id.list'
  • Arraylist of strings into one comma separated string
  • JavaMail connection problems [duplicate]
  • Controller or RestController
  • Wireshark Display Filter for Unique Source/Destination IP and Protocol
  • Ruby regex for matching simpliest Ruby's regexes
  • using maven pom while creating jar:test-jar some times it says JAR will be empty - no content was ma
  • How to configure the APNS.Certificate in the arm template
  • Geokit in Ruby on Rails, problem with acts_as_mappable
  • JavaScript Regex to Match Boundaries of Words with diacritics
  • Android: Unable to detect vertical plane
  • Debug `Unexpected end of JSON input Error` on content script
  • What is the best way to cache and reuse immutable singleton objects in Java?
  • Cross compile glibc for arm, got undefined reference to some unwind functions