Cookie regression issue in 3.5.0 has not been resolved in 3.6.0

[jcheo1]

Current behavior:

Like in 3.5.0, the cookie cannot be set in the chrome browser when running cypress.

Desired behavior:

Like in 3.4.1, the cookie can be set in the chrome browser when running cypress.

Steps to reproduce: (app code and test code)

Cypress.Commands.add('adminLogin', ($user, $legacy) => {
	if ($legacy == null) {
		cy.setCookie('UI', 'admin_ui');
	}
	cy.visit('/');
	cy.get('#login_username').type($user.username);
	cy.get('#login_password').type($user.password);
	cy.get('[data-testid=login]').click();
});

//Log into admin
cy.adminLogin(admin);

Versions

3.6.0, Linux mint, chrome

[jennifer-shehane]

@jcheo1 Can you please link to the original issue that you believe was inaccurately closed in 3.6.0?

[jennifer-shehane]

There is a known issue where if your website is using service worker cache, then the old version of Cypress may continue to run against your tests when locally opened in the newer version. #702

Could you please follow these instructions to clear App Data and restart Cypress? We believe this should clear the cached version of Cypress and run your tests against the new version again.

Please let us know the results!

[jcheo1]

Tried clearing the App Data. That did not work.
I was refering to Fix #5432 which I thought addressed the issue I had since 3.5.0.
The main problem I believe is the command cy.setCookie('UI','admin_ui') does not get set in the browser when running Cypress.
Switching back to 3.4.1 confirms that this feature used to work.

[bcholewinski]

I have the same problem.
It works correctly when I use cypress on my local project.
But we have also pre-built instance and cypress can't create cookies there.
3.4.1 works fine.
3.5.0 and 3.6.0 have this problem
// windows 10 pro and chrome

[treylon]

I'm experiencing the exact same problem. Not operation on cookies works since Cypress 3.5.0 (also not fixed in 3.6.0) on both Electron or directly with Chrome (using Ubuntu)
Therefore even the following snippet always fails.

  cy.setCookie('my-cookie', '')
  cy.clearCookie('my-cookie')
  cy.clearCookies()
  cy.wait(1000)
  cy.getCookie('eversports-manager.sid').should('be.null')

[PetMou]

We are using XSRF-TOKEN in combination with cookies. Since 3.5.0 this is not working any more. Not fixed in 3.6.0, not fixed in 3.6.1 So back to cypress 3.4.1 :(

    const options = {
           method: 'DELETE',
           url: 'api/v1/something-something-something',
           headers: {
             'X-XSRF-TOKEN': 'test123',
             cookie: 'DWD_JWT_TOKEN=' + cookie.value + ';XSRF-TOKEN=test123'
           },
           failOnStatusCode: false
         };
         cy.request(options);

[stevemckenzie]

I've upgraded to 3.6.1 and our login issue still exists as well.

We have a pretty simple authentication endpoint that we are hitting which sets cookies. Once we get an HTTP status of 200, we assume the user is logged in and start a test but this is not working since 3.4.x.

I can see that the set-cookie in headers of our endpoint response are correct.

[flotwig]

Hi everyone,

I'm trying to reproduce this problem currently. Can any of you supply me with the exact 'Set-Cookie' headers sent by your web server during normal operation?

You can view these headers through the Network tab of the Chrome DevTools.

[stevemckenzie]

@flotwig

{
  headers: {
   set-cookie: [
     "session-development-new=s%3APtCc3lNiuqN0AtR9ffgKUnUsDzR5n_4B.qzFDJDvqx8PZNvmOkmcexDs7fRJLOel56Z8Ii6PL%2BFo; Domain=localhost.test; Path=/; Expires=Tue, 18 Feb 2020 21:14:15 GMT; HttpOnly",
   ],
 },
}

[stevemckenzie]

@flotwig any updates around this? 🙃

[flotwig]

@stevemckenzie There are 2 fixes to cookies bugs scheduled for 3.7.0:

• Fix regression in 3.5.0 where a cy.visit that changes superdoma… #5702
• Issue 5656 Fix validation of cookie domain #5657

I believe the latter will fix your issue since you're setting a cookie on a Domain and it's not working as expected.

[stevemckenzie]

Thanks for the update @flotwig !

[flotwig]

Hey @jcheo1 and others in this thread, version 3.7.0 of Cypress has been released with some fixes for cookie behavior. Please try it out and see if it fixes your issue.

[stevemckenzie]

Thanks for another update @flotwig !

Unfortunately, I still have the same issue. Is there any other info I can get for you?

[jcheo1]

@flotwig Much appreciated.
However, I don't believe the issue is fixed.
Previously in 3.4.1, I was able to set cookies with no issue. =>

cy.setCookie('UI', 'admin_ui');

Currently, in order to get around this, I need to specify the domain in the options.= >

cy.setCookie('UI', 'admin_ui', { domain: Cypress.env("domain") });

[PetMou]

Thanks @flotwig, but for us the issue is only partly resolved in 3.7.0

We are using xsrf tokens (to prevent cross-site request forgery.

GET REST operations now work fine. But these operations ignore the token. PUT, POST or DELETE operations however still fail and return a 403. It looks like the token-part is being stripped or maimed from the cookie. So unfortunately we still stay with version 3.4.1

[bcholewinski]

When I use cy.setCookie for domain like http://client.loc:8088 everything works fine.
but when I use cy.setCookie on http://klient-selenium-one.smf.aaa.lan/ cookies are not created.

Maybe domains with . are the problem?

Cypress 3.7.0
Electron 73
Windows 10 home

[PetMou]

When I use cy.setCookie for domain like 'http://client.loc:8088' everything works fine.
but when I use cy.setCookie on http://klient-selenium-one.smf.aaa.lan/ cookies are not created.
Maybe domains with . are the problem?
Cypress 3.7.0
Electron 73
Windows 10 home

Might be related with our issue: cookies with xsrf token contain a ';' (semicolon)

[flotwig]

Hi people still experiencing issues with cookies in Cypress 3.7.0,

I've isolated & fixed a bug introduced in 3.5.0 which makes it so that explicit cookie headers set on cy.visit and cy.request do not work as expected, please check out this issue to see if it matches what you are experiencing: #5894

[flotwig]

We are using XSRF-TOKEN in combination with cookies. Since 3.5.0 this is not working any more. Not fixed in 3.6.0, not fixed in 3.6.1 So back to cypress 3.4.1 :(

    const options = {
           method: 'DELETE',
           url: 'api/v1/something-something-something',
           headers: {
             'X-XSRF-TOKEN': 'test123',
             cookie: 'DWD_JWT_TOKEN=' + cookie.value + ';XSRF-TOKEN=test123'
           },
           failOnStatusCode: false
         };
         cy.request(options);

@PetMou I believe your issue will be resolved with #5894, since you are running into problems explicitly setting Cookie. That fix will be out in 3.8.0.

[PetMou]

@PetMou I believe your issue will be resolved with #5894, since you are running into problems explicitly setting Cookie. That fix will be out in 3.8.0.

Thank you, Zach That would be great! I'll let you know

[flotwig]

3.8.0 has been released, please check to see if it resolves any issues.

[PetMou]

Thank you Zach! For me, the issue is resolved in 3.8.0

[flotwig]

@treylon I'm not able to reproduce that issue in 3.8.0, try updating.

@stevemckenzie @bcholewinski @jcheo1 How go things? Have you guys tried using 3.8.0 to see if it resolves the issue?

[stevemckenzie]

@flotwig we still have the same problem.

Our login tests which use our login form work fine but our custom Cypress.Commands that we added and usually use in a beforeEach does not seem to fully work..

If I look at cy.getCookies() after we use our custom loginAs command, I can see that the cookie is indeed set but our app seems to think we are not so this looks like an improvement at least.

[stevemckenzie]

@flotwig I just tried 3.8.1 and still have this issue.

[stevemckenzie]

Any updates or suggestions @flotwig ?

[flotwig]

@stevemckenzie at this point, it would be most helpful if you could provide a reproducible example of the bug that I can run locally. Unfortunately, my attempts to build one based off of the info in this issue have not been successful.

Feel free to contact me via the email on my profile if your source code is private but you'd like to share it to help reproduce this.

[jennifer-shehane]

I know this thread was encompassing a variety of cookie issues. Many of which have been resolved since 3.8.0 aside from @stevemckenzie.

I'll be closing this issue as resolved.

If you're experiencing a bug similar to this in Cypress, please open a new issue with a fully reproducible example that we can run (or email to [email protected] if private). There may be a specific edge case with the issue that we need more detail to fix. I think this will cut down on the noise from the other resolved issues already in here.