When I log in to the background management system using the new version of Google Chrome (version 91), the cookie cannot be carried, leading to the failure of authentication.
Why
Chrome 51 added the SameSite attribute to cookies to prevent user-behavior tracking and CSRF attacks caused by cookies being carried on cross-domain requests. Before Chrome 80, the default SameSite value was None, so cross-domain requests could carry cookies. From Chrome 80 onward, the default value of a cookie's SameSite attribute changed from None to Lax, so cross-domain requests no longer carry cookies by default.
To solve
1. Set SameSite to None. (Simple and crude, but with the stricter security policies of browsers in the future, third-party cookies will be completely disabled, so this method can only be used for emergencies.)
Right-click the Chrome shortcut > Properties > Target, then append a space followed by the launch parameter --disable-features=SameSiteByDefaultCookies
2. Use Nginx or another tool to proxy the cross-domain requests so that they are served from the same domain. (Recommended)
juejin.cn/post/684490…
3. Use the Authorization header for authentication instead of cookies. (Recommended)
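
A simplified model of the rule described under "Why", as an added example that is not part of the original post: it shows why a session cookie without a SameSite attribute stops being sent on a cross-site request once the default becomes Lax, and how solutions 1 and 2 change the outcome. The cookie name and the request objects are constructed for illustration, and the temporary Lax+POST allowance is left out.

```javascript
// Added example: simplified model of when a browser attaches a cookie.
// Not Chrome's code; the temporary "Lax + POST" allowance is omitted.

// A missing SameSite attribute means Lax under the new default, None under the old.
function effectiveSameSite(cookie, laxByDefault) {
  if (cookie.sameSite) return cookie.sameSite.toLowerCase();
  return laxByDefault ? "lax" : "none";
}

// request: { isSameSite, topLevelNavigation, method }
function cookieIsSent(cookie, request, laxByDefault = true) {
  const mode = effectiveSameSite(cookie, laxByDefault);
  // Under the new default, an explicit SameSite=None is rejected without Secure.
  if (laxByDefault && cookie.sameSite && mode === "none" && !cookie.secure) {
    return false;
  }
  if (request.isSameSite) return true; // same-site requests always carry it
  if (mode === "none") return true;    // cross-site explicitly allowed
  if (mode === "lax") {
    // Cross-site is allowed only for top-level navigations with a safe method.
    const safe = ["GET", "HEAD", "OPTIONS", "TRACE"];
    return request.topLevelNavigation && safe.includes(request.method.toUpperCase());
  }
  return false;                        // strict: never sent cross-site
}

// Constructed scenario: admin UI on one site, login API on another.
const sessionCookie = { name: "SESSION", secure: false }; // no SameSite attribute
const crossSiteXhr = { isSameSite: false, topLevelNavigation: false, method: "POST" };
const proxiedXhr = { isSameSite: true, topLevelNavigation: false, method: "POST" };
const linkClick = { isSameSite: false, topLevelNavigation: true, method: "GET" };

function demo() {
  const noneSecure = { ...sessionCookie, sameSite: "None", secure: true };
  const noneInsecure = { ...sessionCookie, sameSite: "None" };
  return {
    oldDefault: cookieIsSent(sessionCookie, crossSiteXhr, false), // default None
    newDefault: cookieIsSent(sessionCookie, crossSiteXhr),        // default Lax
    laxLinkClick: cookieIsSent(sessionCookie, linkClick),         // navigation still works
    noneSecure: cookieIsSent(noneSecure, crossSiteXhr),           // solution 1, server side
    noneInsecure: cookieIsSent(noneInsecure, crossSiteXhr),       // None needs Secure
    viaProxy: cookieIsSent(sessionCookie, proxiedXhr),            // solution 2
  };
}

console.log(demo());
```

Solution 3 does not appear in the model because an Authorization header is set by the application on each request and is not subject to the SameSite rule.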