Authentication Cookies allow you to configure the cookie-based authentication behavior of the application you develop on the Kuika platform. With these settings, you can control how auth cookies are transmitted in cross-site requests and in HTTP/HTTPS environments.
These settings are located under the Configuration Manager module in the App Settings tab and affect only the application associated with the selected configuration.
Authentication Cookies Steps
Open the Configuration
Log in to the Kuika platform.
Select and open the project you want to work on from the Apps screen.
Click the Configuration Manager module in the top menu.
Select the configuration you want to edit from the left panel.
Click the App Settings tab and go to the Authentication Cookies section.
Allow Cross-Site (SameSite=None)
The Allow Cross-Site toggle determines whether auth cookies are carried over in requests from different domains.
When the toggle is in the on position, cookies are marked as SameSite=None and are sent in cross-site requests. This setting must be enabled if your application runs within an iframe or receives API calls from a different domain.
When the toggle is in the off position, the browser adds cookies only to requests from the same domain.
When the Cross-Site setting is enabled, the Allow HTTP setting must be disabled as a browser-level requirement. These two settings cannot work together. Cross-site requests must use the HTTPS protocol.
Allow HTTP (Disable Secure Flag)
The Allow HTTP toggle determines whether auth cookies can be transmitted over HTTP connections.
When the toggle is in the on position, the Secure flag is removed from cookies, and cookies can be transmitted over HTTP connections.
When the toggle is in the off position, cookies are marked as Secure and are transmitted only over HTTPS connections.
The Allow HTTP setting should not be enabled when using Cross-site. For Cross-site cookie usage, cookies must be set to SameSite=None; Secure. Since Secure cookies cannot be transmitted over HTTP, Cross-site scenarios must use the HTTPS protocol.
Combined Use of Cross-Site and HTTP Settings
These two settings directly affect each other and cannot be configured independently:
Cross-Site enabled, Allow HTTP disabled: The transmission of auth cookies in cross-site requests is permitted. In this scenario, cookies are marked as SameSite=None; Secure and are transmitted only over HTTPS.
Cross-Site off, Allow HTTP off: Cookies are transmitted only in same-site requests and over HTTPS.
Cross-Site off, Allow HTTP on: The Secure flag is removed from cookies, and cookies can also be transmitted over HTTP connections. (Not recommended in production environments)
Cross-Site enabled, Allow HTTP enabled: This configuration is not supported. For cross-site cookie usage, cookies must be set to SameSite=None; Secure. Since Secure cookies cannot be transmitted over HTTP, the Cross-Site and Allow HTTP settings should not be enabled together.
When the Cross-Site setting is enabled, Allow HTTP must be disabled. Modern browsers require cookies marked as SameSite=None to carry the Secure attribute. Therefore, cross-site auth cookie scenarios must operate over HTTPS.
Save Settings
After configuring the settings, click the UPDATE button in the top-right corner.
You can use the CANCEL button to discard your changes.
