Skip to main content

Cookie Scope And SameSite Behavior

Doc type: Explanation

The portal sets cookies on .yoyogroup.com so subdomains can share the session.

SameSite and Secure

  • SameSite controls how cookies are sent on cross-site requests.
  • When SameSite=none, cookies must be Secure.
  • The portal enforces Secure=true whenever SameSite=none.

Local development

For HTTP development, disable secure cookies and omit the cookie domain so localhost can receive cookies.