Google App Engine Front Controller removes Cookies from Response Header

[Ajith Kumar]

Google App Engine's Front Controller removes the cookies from the response header set by my Laravel Framework 8.83.4 / PHP 7.4 application.

Cookie's are being set properly when hosted locally. But, they are not set when I hosted it on Google's App Engine. So, Users can't persist the login session.

curl -i http://localhost:8000/login

HTTP/1.1 200 OK
Host: localhost:8000
Date: Tue, 15 Mar 2022 02:58:10 GMT
Connection: close
X-Powered-By: PHP/7.4.13
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, private
Date: Tue, 15 Mar 2022 02:58:09 GMT
Set-Cookie: XSRF-TOKEN=ey<Some Cookie Hash>jIiwidGFnIjoiIn0%3D; expires=Tue, 15-Mar-2022 04:58:09 GMT; Max-Age=7199; path=/; samesite=lax
Set-Cookie: laravel_session=ey<Some Cookie Hash>0IiwidGFnIjoiIn0%3D; expires=Tue, 15-Mar-2022 04:58:09 GMT; Max-Age=7199; path=/; httponly; samesite=lax

curl -i < App Engine Hosted application URL >

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Cloud-Trace-Context: 059b8f86bf1606e70b01890a017f1b61;o=1
Date: Tue, 15 Mar 2022 02:56:57 GMT
Server: Google Frontend
Content-Length: 10005
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Here is the snip of index.php. I tried dumping the response (Commented below). My application is properly adding cookie to the response header. But, front controller removes it I think.

Index.php

$app = require_once __DIR__.'/../bootstrap/app.php';

$kernel = $app->make(Kernel::class);

$response = $kernel->handle(
    $request = Request::capture()
);

// dd($response); // Response contains cookie. Headers are similar to the locally hosted app.

$response->send(); // Response doesn't contain cookie. Front controller is removing the cookie I think.

$kernel->terminate($request, $response);

Some people have discussed to set the cookie at the top of each and every HTML page. But, that is not convenient and scalable for us.

If using our own php server instead of Google App Engine's Front Controller is the solution, Let me know the correct way to set entrypoint in app.yaml

Please guide me to the correct way to resolve this issue. Thanks.

[barrado]

Hi,

According to the App Engine Standard documentation some headers are ignored and removed from the request response. Also headers with non-ASCII characters in either the name or value are removed. I am not sure if this applies to your case but you might want to look at that documentation and see if this is your case.