We’re evaluating Apidog for our company, but ran into a blocker: session cookies don’t persist in hosted docs.
Our FastAPI backend uses cookie-based auth. After login, the server sends a Set-Cookie header, but in Apidog’s hosted docs, the cookie isn’t stored or sent in later requests. This breaks all authenticated workflows.
We suspect this is due to cross-origin restrictions. However, this makes secure endpoint testing unusable for our team — a key part of our workflow.
Request: Please consider adding an option to allow session cookies in hosted docs (e.g., “Enable session cookies” or “First-party mode”). We’re happy to configure headers and understand the risks — we just need cookie support.
Thanks! We’d love to move forward with Apidog if this gets addressed.
Hi Suvam,
Currently, cookies can persist in hosted docs when the cross-origin setting is set to “No Proxy”.
Let us know if you need any help configuring this.
Just to clarify — I’ve already set up the hosted docs with no proxy mode, as suggested.
The core issue is that even though the Set-Cookie header is sometimes received after login, the session cookie doesn’t consistently get stored or sent in subsequent requests. So when we call any protected endpoint, it returns an error like “no logged in user”, indicating that the session cookie isn’t being included in the request.
Let me know if there’s anything else I should configure on my side, or if this could be related to browser restrictions on third-party cookies.
Please try opening the developer tools and check if the relevant cookies are stored in the Application Cache after a successful login. Also, monitor the console for any errors during the first request and subsequent requests.
If possible, share your docs URL so we can investigate faster.
Yes, I noticed there’s an error in the console on each login attempt.
Since the documentation is internal and contains confidential information, I can’t share the hosted docs link publicly here. Would it be possible for me to share it with you via DM or email instead?
Hi, Suvam. We’ve tested it and it really doesn’t work because it’s a browser security behavior. We can only set cookies for the current domain name. We expect to support the feature you need in June. Thank you for your patience.
Request: Please consider adding an option to allow session cookies in hosted docs (e.g., “Enable session cookies” or “First-party mode”). We’re happy to configure headers and understand the risks — we just need cookie support.
