New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 200 users
Status: Fixed
Owner:
Closed: Feb 2013
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue selenium:818



Sign in to add a comment
chrome.cookies fails for localhost domains
Reported by dawag...@gmail.com, Sep 19 2010 Back to list
Call chrome.cookies.set({domain: "localhost", name: "foo", value: "bar", url: "http://localhost/"});

Expect: Cookie to be set

Get: Error during cookies.set: Failed to parse or set cookie named "foo".
 
Comment 1 by jochen@chromium.org, Sep 20 2010
Labels: -Area-Undefined Area-Internals
Status: Invalid
You can only set domain cookies for registry controlled domains, i.e. something ending in .com or so, but not IPs or intranet hostnames like localhost
Comment 2 by Deleted ...@, Aug 2 2011
Why wouldn't you allow cookies for 'localhost'? As a developer this is quite annoying...
Comment 3 by mr.shy...@gmail.com, Oct 27 2011
I am in the same boat. I love chrome, but my work needs me to work on localhost... so I have to use Firefox, and I lose all my favorite features and interfaces.
Comment 4 by aalexg...@gmail.com, Nov 15 2011
Some companies as the one I am working for do not have dns servers for security reasons.
So some internal web based applications have ip adresses assigned. Now none of them works with Chrome any more. 
Even when adding in /etc/hosts the ip adress and the host it isn't working.
I think this is not a smart move for Chrome.

please explain why you consider setting cookies for localhost or IPs as invalid.

also please give the RFC(s) that state that this is invalid.
please answer to comment #5
Bump.

Answer comment #5
Comment 8 by dk...@profideo.com, Apr 2 2012
Bump too.

Please answer comment #5
Comment 9 by Deleted ...@, Apr 12 2012
Bump

Answer comment #5.
As for now, Chrome users will get a notification using our systems, and are asked to install a proper browser that don't fiddle with stuff like this.
Comment 10 by Deleted ...@, May 25 2012
Bump

Please answer comment #5.

Actually we do not use chrome any more in our company because our intranet sites is not available
Please answer comment #5.

Comment 12 Deleted
I've have faced a problem in chrome and IE9,
working on localhost, when I use the function setcookie() in PHP and give it all the parameters, the cookie won't be stored!! which is not the case for FF and Opera!!,
but when I try it just with the cookie name, the value, and the expiry date parameters all goes right and the cookie is stored...and now here are the two PHP codes that I have used:

Function with all of the parameters: 
setcookie( 'reloginID', $digest, time()+60*60*24*7, '/', 'localhost', false, true); /*=== Works normaly in FF and Opera ===*/

Function with less parameters:
 setcookie( 'reloginID', $digest, time()+60*60*24*7); 

So can any one explain that ...
Thank you in advance ;)
The problem in your code is the parameter "localhost". This is the topic of this discussion: Chromium has introduced a limit that prevents cookies to work when the parameter "domain" is used with the value "localhost". It surprised everyone and they do not explain very clearly why they introduced this limitation ...
Thanks for clarifying.
Comment 16 by Deleted ...@, Jul 11 2012
Very surprised by this!  What is the reasoning?
 Issue 137827  has been merged into this issue.
Comment 19 by Deleted ...@, Aug 10 2012
Bump.  Still a problem nearly 2 years later.  Please address, or at the very least try to defend your incorrect position so we can fault your reasoning and get a developer to accept that the issue needs fixing.
Comment 20 Deleted
Comment 21 by Deleted ...@, Aug 19 2012
I have no idea?
Comment 22 by Deleted ...@, Aug 27 2012
While being different and innovative is nice, this "feature", even if its not part of the specs, is used by so many people, especially developers, me included.  

Please answer comment #5 and introduce a way to enable Cookies on localhost, even though a hack with the hosts file can fix it.
good
Comment 24 by Deleted ...@, Nov 11 2012
f
Comment 25 by Deleted ...@, Nov 12 2012
.........

Comment 26 by Deleted ...@, Nov 21 2012
Please answer comment #5 
Comment 27 by Deleted ...@, Nov 26 2012
Dear Google just what are you doing? I really don't need to mention this but I will. As a web developer from the very early days before even web developers ever really existed, some 18 years ago nearly. I find it impossible to understand your logic at not including the facility to accept cookies from a localhost server. I would expect many thousands of developers are scratching their heads at this, even now.

I only recently decided to start using Chrome as well as other browsers to make sure the sites that I design and code are as near to the original design as possible. Every browser has its quirks and I like many thousands of others would expect and require this facility within a web browser. So why?

ACME Expense Report.xlsx
16.9 KB Download
Comment 29 by Deleted ...@, Dec 3 2012
For those who have encountered this issue with localhost or other non-registered domains, removing the domain= part from the cookie will allow the cookie to be set for the requesting domain, but not any subdomains. In PHP, use NULL for domain.
Comment 30 by Deleted ...@, Dec 5 2012
Workaround for developers using /etc/hosts: it looks weird, but just add a .com to whatever name you were using for 127.0.0.1. localhost.com, myapp.com, etc. work fine in /etc/hosts and that way Chrome will accept the cookies.
Comment 31 Deleted
Comment 33 by Deleted ...@, Jan 26 2013
HOW DO I FIX THE SHOCK WAVE FLASH  FROM SAYING ISN'T RESPONDING OR HAS CRASHED  ANY HELP U CAN PROVIDE ME WITH WILL BE GREATLY THANKFUL.  YOURS TRULY JEFF GOODSTEIN .

Still bumping question #5 (why are localhost or local IP cookies invalid?). 
To those getting notifications, sorry.
Project Member Comment 35 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Area-Internals Cr-Internals
I can't believe this STILL has not been fixed. The safest way to develop, is to develop locally, try to do nastiness locally, and after it is hardened then publish. I can't do that with your browser because of this dumb bug ... 
Everything has been said. As web developers most of us create/test a site on localhost before uploading..
I have been having to use Firefox to develop locally. This is annoying as it does not have my favorite developer toolset.

Please add support or give us a work around.
Comment 39 by Deleted ...@, Apr 18 2013
I use IE for development. Its really frustrating.
Comment 40 by Deleted ...@, Apr 28 2013
I just spent hours trying to figure out why my cookies weren't being accepted from a "localhost" ajax response. It would really be nice to have this feature.
I found a solution. Until they fix this, I only test for firefox and IE. 
It clearly doesn't work, moving to another browser is our only option for commercial product development. Hello, anybody home?
Comment 43 by Deleted ...@, Jul 11 2013
Dear google you are WASTING our time.
Comment 44 by Deleted ...@, Jul 11 2013
RFC 2965 (http://tools.ietf.org/html/rfc2965), section 3.3.2 states "[reject cookie if]  The value for the Domain attribute contains no embedded dots, and the value is not .local". 

Not sure, but that might be the reason why these cookies are rejected and might answer comment #5. Would be nice to get that confirmed by Google...
same problem here. I really would like to use chrome when working on my localhost ....
Comment 46 by chads...@gmail.com, Aug 12 2013
Google...why make a developer's life so hard?  

Please fix this
"+1 Me too ! "
Comment 48 Deleted
I have been using --enable-file-cookies on my shortcut and it allows me to use local cookies. This might just be the fix you are looking for!
Needed because I work in locations where internet is often not available, hence need local dev environments.
Comment 51 by i...@getrailo.org, Nov 26 2013
Is this for real?  How come the other browsers allow this and Chrome does not?

I don't understand the rational behind rejecting this issue instead of fixing it.
Comment 52 by i...@getrailo.org, Nov 26 2013
I guess the simplest fix is to add an entry to the hosts file, like

  localhost.com    127.0.0.1

and then calling http://localhost.com/ instead of just localhost.

but having said that, this restriction is ridiculous IMO.
Bump

#5 is still waiting for answer.

As #44 mentions RFC 2965 explains the reasoning behind 'localhost'
And yes, since localhost is technically a top level domain, you could argue that it would be safest not to accept cookies.. You also wouldn't want it to accept a cookie for the entire .com TLD.

For local IP adresses, I have not a clue why...

A better alternative would be to ask the user whether to accept or deny a cookie in these situations.
Comment 54 by Deleted ...@, Jun 26 2014
I'd love to hear explanation too. This is VERY annoying.
Comment 55 by dmice...@1ps.ru, Jun 27 2014
Just spend two hours trying to understand what is going on with a new intranet test server.

#5 still need an answer!
#52 nailed it, i edit my hosts file to make things flow better in general
#5 in November of 2011 is still unanswered.....
Comment 58 by Deleted ...@, Aug 26 2014
I am not sure its relevant but i came to this article searching for the similar issue. In my case i was passing localhost as Cookie domain and testing on localhost. The Set-Cookie header was being passed to web browser but cookie was not being created and was not being passed back to server on subsequent requests.

I found this article on SOF http://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain

which says
================
when working on localhost (!) the cookie-domain must be set to "" or NULL or FALSE instead of "localhost"
================

Source of reference is:
http://curl.haxx.se/rfc/cookie_spec.html

This solution works fine for me.

I hope it helps someone...

Thanks

Pls, answer #5.
why not just edit the hosts file and the vhosts file to match?
At the very least, can we get a message in console? "REJECTED COOKIE FOR ____ REASON" This is a stupid bug. It works in Firefox, and I'm confused as to why those of us with static hosts can't make this work here..

If the set-cookie header is encountered and the domain does not have two dots, we should warn in the console.
Comment 62 by Deleted ...@, Jul 21 2015
Silly bug that seems unnecessary since fixing it presents no issues... other than resolution, lol
they are very obviously oblivious to their user base or developers... which is why I no longer give a crap what my sites look like in Chrome.
I am in the same boat. I love chrome, but my work needs me to work on localhost... so I have to use Firefox, and I lose all my favorite features and interfaces.

Comment 65 by Deleted ...@, Sep 14 2015
I have not read all the previous comments but I am able to set, delete, altar and read cookies on localhost in Chrome. Just use the local host IP address 127.1.0.0 or 127.0.0.1 with or without the http:// infront of it. If you have apps that require a domain name add a workaround thatchanges back to the ip address after the app has been satisfied.
Project Member Comment 66 by bugdroid1@chromium.org, Nov 7 2015
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e99453bd606cfba6902d82d1e363826d21b0c6a8

commit e99453bd606cfba6902d82d1e363826d21b0c6a8
Author: mkwst <mkwst@chromium.org>
Date: Sat Nov 07 10:33:25 2015

Treat exact domain match cookies on public suffixes as host cookies.

Historically, we've rejected any cookie with a `domain` attribute for
hosts that we treat as public suffixes. This patch loosens that stance
by treating cookies whose domain attribute exactly matches the host as
host cookies.

This matches the language in step 5 of section 5.3 of RFC 6265
(https://tools.ietf.org/html/rfc6265#section-5.3), and
matches both Firefox and IE's behavior.

BUG= 56211 , 551906 
R=jochen@chromium.org,mmenke@chromium.org

Review URL: https://codereview.chromium.org/1414603010

Cr-Commit-Position: refs/heads/master@{#358523}

[modify] http://crrev.com/e99453bd606cfba6902d82d1e363826d21b0c6a8/net/cookies/canonical_cookie.cc
[modify] http://crrev.com/e99453bd606cfba6902d82d1e363826d21b0c6a8/net/cookies/cookie_store_unittest.h
[modify] http://crrev.com/e99453bd606cfba6902d82d1e363826d21b0c6a8/net/cookies/cookie_util.cc

Comment 67 by mkwst@chromium.org, Nov 11 2015
Labels: M-49
Owner: mkwst@chromium.org
Status: Fixed
Comment 68 by mkwst@chromium.org, Nov 11 2015
Cc: eisinger@chromium.org battre@chromium.org mkwst@chromium.org shinyak@chromium.org
 Issue 551906  has been merged into this issue.
wow really?
See comment #4 I have almost exactly the same problem.
Comment 71 Deleted
Comment 72 Deleted
Sign in to add a comment