New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 201 users

Issue metadata

Status: Fixed
Buried. Ping if important.
Closed: Feb 2013
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

issue selenium:818

Show other hotlists

Hotlists containing this issue:

Sign in to add a comment

Issue 56211: chrome.cookies fails for localhost domains

Reported by, Sep 19 2010

Issue description

Call chrome.cookies.set({domain: "localhost", name: "foo", value: "bar", url: "http://localhost/"});

Expect: Cookie to be set

Get: Error during cookies.set: Failed to parse or set cookie named "foo".

Comment 1 by, Sep 20 2010

Labels: -Area-Undefined Area-Internals
Status: Invalid
You can only set domain cookies for registry controlled domains, i.e. something ending in .com or so, but not IPs or intranet hostnames like localhost

Comment 2 by Deleted ...@, Aug 2 2011

Why wouldn't you allow cookies for 'localhost'? As a developer this is quite annoying...

Comment 3 by, Oct 27 2011

I am in the same boat. I love chrome, but my work needs me to work on localhost... so I have to use Firefox, and I lose all my favorite features and interfaces.

Comment 4 by, Nov 15 2011

Some companies as the one I am working for do not have dns servers for security reasons.
So some internal web based applications have ip adresses assigned. Now none of them works with Chrome any more. 
Even when adding in /etc/hosts the ip adress and the host it isn't working.
I think this is not a smart move for Chrome.

Comment 5 by, Nov 21 2011

please explain why you consider setting cookies for localhost or IPs as invalid.

also please give the RFC(s) that state that this is invalid.

Comment 6 by, Jan 15 2012

please answer to comment #5

Comment 7 by, Apr 2 2012


Answer comment #5

Comment 8 by, Apr 2 2012

Bump too.

Please answer comment #5

Comment 9 by Deleted ...@, Apr 12 2012


Answer comment #5.
As for now, Chrome users will get a notification using our systems, and are asked to install a proper browser that don't fiddle with stuff like this.

Comment 10 by Deleted ...@, May 25 2012


Please answer comment #5.

Actually we do not use chrome any more in our company because our intranet sites is not available

Comment 11 by, Jun 8 2012

Please answer comment #5.

Comment 12 Deleted

Comment 13 by, Jun 8 2012

I've have faced a problem in chrome and IE9,
working on localhost, when I use the function setcookie() in PHP and give it all the parameters, the cookie won't be stored!! which is not the case for FF and Opera!!,
but when I try it just with the cookie name, the value, and the expiry date parameters all goes right and the cookie is stored...and now here are the two PHP codes that I have used:

Function with all of the parameters: 
setcookie( 'reloginID', $digest, time()+60*60*24*7, '/', 'localhost', false, true); /*=== Works normaly in FF and Opera ===*/

Function with less parameters:
 setcookie( 'reloginID', $digest, time()+60*60*24*7); 

So can any one explain that ...
Thank you in advance ;)

Comment 14 by, Jun 8 2012

The problem in your code is the parameter "localhost". This is the topic of this discussion: Chromium has introduced a limit that prevents cookies to work when the parameter "domain" is used with the value "localhost". It surprised everyone and they do not explain very clearly why they introduced this limitation ...

Comment 15 by, Jun 8 2012

Thanks for clarifying.

Comment 16 by Deleted ...@, Jul 11 2012

Very surprised by this!  What is the reasoning?

Comment 18 by, Jul 18 2012

 Issue 137827  has been merged into this issue.

Comment 19 by Deleted ...@, Aug 10 2012

Bump.  Still a problem nearly 2 years later.  Please address, or at the very least try to defend your incorrect position so we can fault your reasoning and get a developer to accept that the issue needs fixing.

Comment 20 Deleted

Comment 21 by Deleted ...@, Aug 19 2012

I have no idea?

Comment 22 by Deleted ...@, Aug 27 2012

While being different and innovative is nice, this "feature", even if its not part of the specs, is used by so many people, especially developers, me included.  

Please answer comment #5 and introduce a way to enable Cookies on localhost, even though a hack with the hosts file can fix it.

Comment 23 by, Sep 28 2012


Comment 24 by Deleted ...@, Nov 11 2012


Comment 25 by Deleted ...@, Nov 12 2012


Comment 26 by Deleted ...@, Nov 21 2012

Please answer comment #5

Comment 27 by Deleted ...@, Nov 26 2012

Dear Google just what are you doing? I really don't need to mention this but I will. As a web developer from the very early days before even web developers ever really existed, some 18 years ago nearly. I find it impossible to understand your logic at not including the facility to accept cookies from a localhost server. I would expect many thousands of developers are scratching their heads at this, even now.

I only recently decided to start using Chrome as well as other browsers to make sure the sites that I design and code are as near to the original design as possible. Every browser has its quirks and I like many thousands of others would expect and require this facility within a web browser. So why?

Comment 28 by, Dec 1 2012

ACME Expense Report.xlsx
16.9 KB Download

Comment 29 by Deleted ...@, Dec 3 2012

For those who have encountered this issue with localhost or other non-registered domains, removing the domain= part from the cookie will allow the cookie to be set for the requesting domain, but not any subdomains. In PHP, use NULL for domain.

Comment 30 by Deleted ...@, Dec 5 2012

Workaround for developers using /etc/hosts: it looks weird, but just add a .com to whatever name you were using for,, etc. work fine in /etc/hosts and that way Chrome will accept the cookies.

Comment 31 Deleted

Comment 33 by Deleted ...@, Jan 26 2013


Comment 34 by, Feb 17 2013

Still bumping question #5 (why are localhost or local IP cookies invalid?). 
To those getting notifications, sorry.

Comment 35 by, Mar 10 2013

Project Member
Labels: -Area-Internals Cr-Internals

Comment 36 by, Mar 12 2013

I can't believe this STILL has not been fixed. The safest way to develop, is to develop locally, try to do nastiness locally, and after it is hardened then publish. I can't do that with your browser because of this dumb bug ...

Comment 37 by, Mar 28 2013

Everything has been said. As web developers most of us create/test a site on localhost before uploading..

Comment 38 by, Mar 28 2013

I have been having to use Firefox to develop locally. This is annoying as it does not have my favorite developer toolset.

Please add support or give us a work around.

Comment 39 by Deleted ...@, Apr 18 2013

I use IE for development. Its really frustrating.

Comment 40 by Deleted ...@, Apr 28 2013

I just spent hours trying to figure out why my cookies weren't being accepted from a "localhost" ajax response. It would really be nice to have this feature.

Comment 41 by, May 8 2013

I found a solution. Until they fix this, I only test for firefox and IE.

Comment 42 by, Jul 2 2013

It clearly doesn't work, moving to another browser is our only option for commercial product development. Hello, anybody home?

Comment 43 by Deleted ...@, Jul 11 2013

Dear google you are WASTING our time.

Comment 44 by Deleted ...@, Jul 11 2013

RFC 2965 (, section 3.3.2 states "[reject cookie if]  The value for the Domain attribute contains no embedded dots, and the value is not .local". 

Not sure, but that might be the reason why these cookies are rejected and might answer comment #5. Would be nice to get that confirmed by Google...

Comment 45 by, Aug 9 2013

same problem here. I really would like to use chrome when working on my localhost ....

Comment 46 by, Aug 12 2013

Google...why make a developer's life so hard?  

Please fix this

Comment 47 by, Sep 11 2013

"+1 Me too ! "

Comment 48 Deleted

Comment 49 by, Sep 13 2013

I have been using --enable-file-cookies on my shortcut and it allows me to use local cookies. This might just be the fix you are looking for!

Comment 50 by, Sep 27 2013

Needed because I work in locations where internet is often not available, hence need local dev environments.

Comment 51 by, Nov 26 2013

Is this for real?  How come the other browsers allow this and Chrome does not?

I don't understand the rational behind rejecting this issue instead of fixing it.

Comment 52 by, Nov 26 2013

I guess the simplest fix is to add an entry to the hosts file, like

and then calling instead of just localhost.

but having said that, this restriction is ridiculous IMO.

Comment 53 by, Jun 20 2014


#5 is still waiting for answer.

As #44 mentions RFC 2965 explains the reasoning behind 'localhost'
And yes, since localhost is technically a top level domain, you could argue that it would be safest not to accept cookies.. You also wouldn't want it to accept a cookie for the entire .com TLD.

For local IP adresses, I have not a clue why...

A better alternative would be to ask the user whether to accept or deny a cookie in these situations.

Comment 54 by Deleted ...@, Jun 26 2014

I'd love to hear explanation too. This is VERY annoying.

Comment 55 by, Jun 27 2014

Just spend two hours trying to understand what is going on with a new intranet test server.

#5 still need an answer!

Comment 56 by, Jun 27 2014

#52 nailed it, i edit my hosts file to make things flow better in general

Comment 57 by, Jul 17 2014

#5 in November of 2011 is still unanswered.....

Comment 58 by Deleted ...@, Aug 26 2014

I am not sure its relevant but i came to this article searching for the similar issue. In my case i was passing localhost as Cookie domain and testing on localhost. The Set-Cookie header was being passed to web browser but cookie was not being created and was not being passed back to server on subsequent requests.

I found this article on SOF

which says
when working on localhost (!) the cookie-domain must be set to "" or NULL or FALSE instead of "localhost"

Source of reference is:

This solution works fine for me.

I hope it helps someone...


Comment 59 by, Oct 4 2014

Pls, answer #5.

Comment 60 by, Oct 4 2014

why not just edit the hosts file and the vhosts file to match?

Comment 61 by, Jun 17 2015

At the very least, can we get a message in console? "REJECTED COOKIE FOR ____ REASON" This is a stupid bug. It works in Firefox, and I'm confused as to why those of us with static hosts can't make this work here..

If the set-cookie header is encountered and the domain does not have two dots, we should warn in the console.

Comment 62 by Deleted ...@, Jul 21 2015

Silly bug that seems unnecessary since fixing it presents no issues... other than resolution, lol

Comment 63 by, Aug 19 2015

they are very obviously oblivious to their user base or developers... which is why I no longer give a crap what my sites look like in Chrome.

Comment 64 by, Sep 14 2015

I am in the same boat. I love chrome, but my work needs me to work on localhost... so I have to use Firefox, and I lose all my favorite features and interfaces.

Comment 65 by Deleted ...@, Sep 14 2015

I have not read all the previous comments but I am able to set, delete, altar and read cookies on localhost in Chrome. Just use the local host IP address or with or without the http:// infront of it. If you have apps that require a domain name add a workaround thatchanges back to the ip address after the app has been satisfied.

Comment 66 by, Nov 7 2015

Project Member
The following revision refers to this bug:

commit e99453bd606cfba6902d82d1e363826d21b0c6a8
Author: mkwst <>
Date: Sat Nov 07 10:33:25 2015

Treat exact domain match cookies on public suffixes as host cookies.

Historically, we've rejected any cookie with a `domain` attribute for
hosts that we treat as public suffixes. This patch loosens that stance
by treating cookies whose domain attribute exactly matches the host as
host cookies.

This matches the language in step 5 of section 5.3 of RFC 6265
(, and
matches both Firefox and IE's behavior.

BUG= 56211 , 551906,

Review URL:

Cr-Commit-Position: refs/heads/master@{#358523}


Comment 67 by, Nov 11 2015

Labels: M-49
Status: Fixed

Comment 68 by, Nov 11 2015

 Issue 551906  has been merged into this issue.

Comment 69 Deleted

Comment 70 by, Feb 27 2016

See comment #4 I have almost exactly the same problem.

Comment 71 Deleted

Comment 72 Deleted

Comment 73 by, May 15 2018

Maybe related issue:

If you have a secure cookie with same name set by https://localhost, your cookie will fail to be set, and you will not know that one exists unless you visit the page from https://localhost.

Comment 74 by, Jun 15 2018

Cookies are not sent to the dev url when I issue a GET request in the rest client. However when the same url opened directly in the browser, cookies are sent.

I have tested all the previous versions of Chrome and found that the last time it worked successfully is v50.0.2661.75.
v51.0.2704.84 fails and every version thereafter.
201 KB View Download
47.6 KB View Download

Sign in to add a comment