I am currently working on my API, which is in charge of authentication and all the API endpoints being consumed on my SPA. The API is running on api.domain.com and the SPA is running on www.domain.com. All on the same SSL certificate (wildcard type).
Unfortunately, when I return Set-cookie in the header from api.domain.com it is not saved, but I can see it in Chrome's debugger.
My session is as follows:
'Set-cookie':'__Secure-ID=38afes7a8-38afes7a8-38afes7a8-38afes7a8; Expires=Mon, 11-Sep-2017 23:03:13 GMT; Secure; HttpOnly; Domain=.domain.com'
There are no problems retrieving it and reviewing it in the browser, but it won't stay and does not obey the Expire; it simply disappears when I navigate to other endpoints of api.domain.com or even www.domain.com.
What is the problem?
Your Expires field isn't using the proper format. You should change the Expires field to Mon, 11 Sep 2017 23:03:13 GMT.
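The date form given in the answer is the rfc1123-date that RFC 6265 specifies for the Expires attribute. The following is an added example, not code from the question or the answer: a small linter that flags an Expires value in any other form and re-emits it as rfc1123-date, and also checks that a cookie with the `__Secure-` name prefix carries the Secure attribute. The function names and finding labels are hypothetical.

```javascript
// Added example: lint a Set-Cookie value (not code from the original post).
const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
                "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
// rfc1123-date, e.g. "Mon, 11 Sep 2017 23:03:13 GMT"
const RFC1123_DATE = new RegExp(
  "^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \\d{2} (" + MONTHS.join("|") +
  ") \\d{4} \\d{2}:\\d{2}:\\d{2} GMT$");

// Split "name=value; Attr; Attr=val" into a name, value and attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = new Map();
  for (const item of rest.filter(Boolean)) {
    const i = item.indexOf("=");
    const key = (i === -1 ? item : item.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : item.slice(i + 1).trim());
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Accept space- or dash-separated dates and re-emit them as rfc1123-date.
// Fields are parsed by hand because Date.parse on odd formats is engine-specific.
function toRfc1123(text) {
  const m = /^\w{3}, (\d{1,2})[ -]([A-Za-z]{3})[ -](\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT$/.exec(text);
  const month = m ? MONTHS.indexOf(m[2]) : -1;
  if (month === -1) return null;
  return new Date(Date.UTC(+m[3], month, +m[1], +m[4], +m[5], +m[6])).toUTCString();
}

function lintSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  let fixedExpires = null;
  const expires = attrs.get("expires");
  if (typeof expires === "string" && !RFC1123_DATE.test(expires)) {
    findings.push("expires-not-rfc1123-date");
    fixedExpires = toRfc1123(expires);
  }
  if (name.startsWith("__Secure-") && !attrs.has("secure")) {
    findings.push("secure-prefix-without-secure-attribute");
  }
  return { findings, fixedExpires };
}

// Header value copied from the question above.
const fromQuestion = "__Secure-ID=38afes7a8-38afes7a8-38afes7a8-38afes7a8; " +
  "Expires=Mon, 11-Sep-2017 23:03:13 GMT; Secure; HttpOnly; Domain=.domain.com";
console.log(lintSetCookie(fromQuestion));
```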