Home > Back-end >  Is it possible to authenticate a mobile app with SameSite=Strict cookies?
Is it possible to authenticate a mobile app with SameSite=Strict cookies?

Time:11-07

My app is absolutely security critical. I finished building its web version with SameSite=Strict cookies. Now that I'm building its mobile version I can't seem to make the cookies work.

I was expecting a seamless cross-platform cookie experience, but from a mobile perspective the origin is "http://localhost" and not "https://my-website.com". Are mobile apps limited to SameSite=None cookies?

CodePudding user response:

You can set a custom hostname by setting this preference in your config.xml

 <preference name="hostname" value="my-website.com" />
  • Related