# Cookie not sending to domain I have specified

tiny pine
#

/help I am trying to send the access token as JSON body and the refresh token as a cookie when the user has logged in. After successful login, the access token was sent but the refresh token was not. The frontend is Vue on port 8080 and the Spring server is on port 8090. Below is the API for user login:

    public ResponseEntity<String> loginUser(@Valid @RequestBody UserLoginDto userLoginDto,
                                            HttpServletResponse response){
        String email = userLoginDto.getEmail();
        JSONObject jsonObject = new JSONObject();
        try {
            if (userService.isUserAlreadyLogin(userLoginDto.getEmail(), userLoginDto.getPassword())){
                UserEntity userEntity = userService.getUserByEmail(email);
                String accessToken = jwtService.generateToken(userEntity.getName());
                jsonObject.put("accessToken", accessToken);

                RefreshToken token = refreshTokenService.getRefreshTokenIfNotExistsGenerateOne(userEntity);
                String refreshToken = token.getToken();
                Cookie cookie = new Cookie("refreshToken",refreshToken);
                cookie.setPath("/");
                cookie.setMaxAge(86400);
                cookie.setDomain("localhost:8090");
                System.out.println("Domain : " + cookie.getDomain() + " Path : " + cookie.getPath() + " MaxAge : " + cookie.getMaxAge());
                response.addCookie(cookie);
                return new ResponseEntity<>(jsonObject.toString(),HttpStatus.OK);
            }
            jsonObject.put("message", "user not login yet");
            return new ResponseEntity<>(jsonObject.toString(),HttpStatus.UNAUTHORIZED);
        }catch (Exception e){
            jsonObject.put("message", "Internal server error");
            System.out.println(e);
            return new ResponseEntity<>(jsonObject.toString(), HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

strange egret
#

Can you show the exact response with headers?

#

Why do you explicitly set the domain of the cookie and why does that include the port?

tiny pine
#

Should I not do that?

#

    Vary: Origin
    Vary: Access-Control-Request-Method
    Vary: Access-Control-Request-Headers
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: 0
    X-Frame-Options: DENY
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 180
    Date: Sun, 31 Dec 2023 02:40:49 GMT
    Connection: close

strange egret
tiny pine
#

omg I removed the set domain method and it works

#

I thought setting the domain would restrict where to send the cookie

strange egret
#

by default, the cookie is only available in the current domain

#

you can check this in the browser devtools

#

but the port isn't part of the domain

tiny pine
#

so if I set the domain to localhost without ports, is it the same as the default?

#

I checked the cookie in the browser dev tools; now it is saved in the browser after the user has logged in

#

thanks man
