Hey everyone! I’m in a pickle with my Shopify app. It’s getting rejected because of cookie issues, but I swear I didn’t add any cookies myself! I only use session storage.
When I check my browser, I see a bunch of cookies that seem to be from Shopify. I started with their CLI-generated code, so I’m not sure what’s going on.
These are the cookies I see:
- koa.sess.sig
- shopifyNonce.sig
- shopifyNonce
- koa.sess
- shopify.granted_storage_access
I’m pretty sure I’m not setting these myself, and I don’t think they’re from any third-party stuff I’m using on purpose.
Has anyone run into this before? Any ideas on how to fix it or what I should do next? I’m kinda stuck here and could really use some advice from fellow developers. Thanks in advance!
I’ve dealt with this exact problem recently. Those cookies are indeed set by Shopify’s system, not your code. They’re essential for app functionality and security. The rejection is likely due to Shopify’s stricter cookie policies. To resolve this, you need to update your app’s privacy policy to explicitly mention these cookies and their purpose. Also, implement a cookie consent banner if you haven’t already. It’s a bit of a hassle, but once I made these changes, my app sailed through the approval process. Don’t forget to clearly explain in your resubmission that you’re using Shopify’s standard authentication flow and these cookies are part of that.
I’ve encountered a similar issue with Shopify apps before. The cookies you’re observing are added by Shopify’s infrastructure rather than by your own code, and they handle session management and authentication. It appears that Shopify’s recent policy changes regarding cookies might be causing the rejection. I addressed this by reviewing Shopify’s cookie and privacy policies, ensuring I had appropriate cookie consent in place, and modifying the privacy statement to include Shopify-generated cookies. This approach helped me get my app approved.
ive run into this too, mate. those cookies are from shopify itself, not ur code. theyre for auth and stuff. shopify’s gettin stricter with their policies lately. u gotta update ur privacy policy to mention these cookies and add a consent banner. it’s annoying but itll help u get approved. good luck!