Browser not sending cookie in subsequent request

Question

Working with a project, where using cookie for user identification.

When user arrives, it calls the service (which is running in localhost) and the service sending cookie with the response header looks like below:

curl 'http://127.0.0.1:8000/api/v1.0/tracking' -X OPTIONS -H 'Access-Control-Request-Method: POST' -H 'Origin: http://local.com:8080' -H 'Access-Control-Request-Headers: content-type,x-forwarded-for' --compressed

The response header looks like below:

HTTP/1.1 200 OK
Connection: keep-alive
Keep-Alive: 60
Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, x-forwarded-for
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, PATCH, GET
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Set-Cookie: id=random_id_123_123; expires=Wed, 06-Dec-2017 10:57:36 GMT; Domain=.local.com; Path=/

And then after a specific user action, the app is sending following API request:

curl 'http://127.0.0.1:8000/api/v1.0/tracking?event=video_added&user_id=123123123' -H 'Origin: http://local.com:8080' -H 'Accept: */*' -H 'Referer: http://local.com:8080/' -H 'Connection: keep-alive' --compressed

The request header for the above request looks like below:

GET api/v1.0/tracking?event=video_added&user_id=123123123 HTTP/1.1
Host: 127.0.0.1:8000
Connection: keep-alive
Accept: */*
Origin: http://local.com:8080
User-Agent: My user agent
Referer: http://local.com:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

I was expecting the cookie (random_id_123_123) to be received with the first request as response header would be the request header for the second request.

The website is running on: http://local.com:8080 (which actually running on local machine and my vhost config pointing 127.0.0.1 local.com) and its being served by python SimpleHTTPServer.

The backend service which is setting the cookie is running on port 8000 in localhost also. Seems I have missed something during the implementation. Whats that?

Edit: Here is the code.

Answer 1

Your issue is that cookies are only sent based on the domain. Your code has

var settings = {
  "crossDomain": true,
  "url": "http://127.0.0.1:8000/api/v1.0/tracking?event=video_added&tracking_id=123123123",
  "method": "GET",

}

The url is 127.0.0.1:8000 and it should be local.com:8000 if you want the cookies to be passed.

Answer 2

Last time I checked, curl doesn't have enabled the cookies by default.

To do so you will need to:

• Use the parameter -b /path/to/cookiejar to read cookies.
• Use the parameter -c /path/to/cookiejar to write cookies.

So your requests should become:

curl -c cookiejar 'http://127.0.0.1:8000/api/v1.0/tracking' \
-X OPTIONS -H 'Access-Control-Request-Method: POST' \
-H 'Origin: http://local.com:8080' \
-H 'Access-Control-Request-Headers: content-type,x-forwarded-for' \
--compressed

And:

curl -b cookiejar 'http://127.0.0.1:8000/api/v1.0/tracking?event=video_added&user_id=123123123' \
 -H 'Origin: http://local.com:8080' \
 -H 'Accept: */*' \
 -H 'Referer: http://local.com:8080/' \
 -H 'Connection: keep-alive' --compressed