I'm wondering how I can set a cookie from a REST API call (the goal is to then use this cookie on another subdomain). I'm running on-prem Retool on dashboard.company.com and I'd like to use the cookie on sub.company.com. I'm making a REST request to an endpoint that sets the cookie (with properties Domain=.company.com; Path=/; HttpOnly; Secure; SameSite=None). However, Retool doesn't set this cookie in the browser. If I don't set Domain, the cookie gets set (prefixed with ____rmc_____4) but it doesn't transfer over to the subdomain.
Would appreciate any help!
Hey Anmol! We have a Beta feature flag for on-prem customers to set cookies on the browser level. Could you please email me at julie @ retool.com, and I'll get you enrolled!
@anmolj Was this resolved? I have the same problem where my REST API (Authentication API) sends a Set-Cookie header with properties Domain=.company.com; Path=/; HttpOnly; Secure; SameSite=None, but Retool sets the cookies (___rmc____7__*) at the domain retool.company.com instead of .company.com and the cookie is not transferred to the subdomain.
Can you try setting ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS=true as documented here and let me know if that helps with the issue?
@Kabirdas I tried the above-mentioned setting, but it's still the same. I see that Retool still sets the cookies (___rmc____7__*) at the domain retool.company.com instead of .company.com and the cookie is not transferred to the subdomain.
For anyone who stumbles across this thread - @Prudhvi was able to solve this by making the request directly from the browser by using a
For completion, I also want to add that the environment variable mentioned above enables a particular auth step that can be used to make API requests directly from the browser:
Doing so allows more flexibility when setting cookies. Namely, you should be able to:
- Create a resource called “Cookie API” or something similar. The base URL should be a URL that always returns 200.
- Select custom authentication and add a “Browser API request” step as pictured in the screenshot above
- Configure the "Browser API request" step to hit your cookie API
- Create an app with an “Auth Login” component
- Select the “Cookie API” from the dropdown
- Click that button to be authed with the right cookie
One note to go along with this is that, when using the Custom Auth solution, dynamic values from an app cannot be passed directly to the authing resource. While it's possible to add a form step to the Custom Auth flow to accept user inputs, this isn't always an ideal solution, so it may be worth exploring other avenues like the one Prudhvi took!
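
Why the Domain attribute decides whether sub.company.com ever sees the cookie, as an added example that is not from the original posts or from Retool: a sketch of the RFC 6265 storage and domain-match rules applied to the hosts in this thread. The function names and the `session=abc` cookie are constructed for illustration, and the public-suffix and IP-address checks that browsers also perform are left out.

```javascript
// Added example: RFC 6265 cookie scoping for the hosts discussed in this thread.
// Function names are hypothetical; the Set-Cookie values are constructed samples.

// Parse a Set-Cookie header value into a name, value and lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// RFC 6265 section 5.1.3: a host matches a domain if equal or a dot-separated suffix.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// How a browser would store the cookie when the response comes from responseHost.
// Returns null when the cookie is rejected.
function storeCookie(header, responseHost) {
  const c = parseSetCookie(header);
  // Browsers reject SameSite=None cookies that lack Secure.
  if (String(c.attrs.samesite).toLowerCase() === "none" && !c.attrs.secure) return null;
  if (typeof c.attrs.domain === "string" && c.attrs.domain !== "") {
    const domain = c.attrs.domain.replace(/^\./, ""); // a leading dot is ignored
    // The responding host must itself fall under the Domain attribute.
    if (!domainMatch(responseHost, domain)) return null;
    return { name: c.name, domain, hostOnly: false };
  }
  // No Domain attribute: host-only cookie, bound to the exact responding host.
  return { name: c.name, domain: responseHost.toLowerCase(), hostOnly: true };
}

// Would the stored cookie be attached to a request for requestHost?
function isSentTo(stored, requestHost) {
  if (stored === null) return false;
  return stored.hostOnly
    ? requestHost.toLowerCase() === stored.domain
    : domainMatch(requestHost, stored.domain);
}
```

A cookie stored with `hostOnly: true` on retool.company.com is the situation described in the posts above: it is returned to that host only, never to sub.company.com.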
I have a similar issue with cookie forward prefixed without domain... I can try the fetch, but I need my OAUTH2_TOKEN to call my API that sets the cookie. But I guess that is not on the browser?
Hey @Jean-Baptiste_PIN, you should be able to get the OAUTH2_TOKEN using custom auth, save it to a variable, and then use it in the headers of the Browser request so that you can properly set the cookie.