frames-v2

How do cookies work in Frames V2? After authenticating a user with SIWF, I'm trying to set a session cookie but nothing seems to persist when testing in Warpcast's online debugger view

Engineer @farcaster. Founder bountycaster.xyz

Ex Phantom, 0x Project engineer.

From Italy originally, currently live in NYC

As a follow up on this - basic session functionality (set cookie, read cookie) works gracefully when using the same app on a regular browser

not much about frame V2, but how cookies are stored/used in cross-request env like iframe: cookie should be passed with SameSite = none, otherwise browser will check if it's under same domain of the caller domain

obviously, this makes it less secure because other websites can now use the cookie to make calls to your API, hence you need to limit API with proper CORS, so browser doesn't pass cookie unless the website in the list

Founder @payflow /payflow payflow.me /crimea 🇺🇦

Really useful thanks. Do you set cookies on Payflow frames (V2)?

not much about frame V2, but how cookies are stored/used in cross-request env like iframe: cookie should be passed with SameSite = none, otherwise browser will check if it's under same domain of the caller domain

obviously, this makes it less secure because other websites can now use the cookie to make calls to your API, hence you need to limit API with proper CORS, so browser doesn't pass cookie unless the website in the list 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie