Menu
I am sending a httponly/secure cookie to the client from my server running at default port. From the client, the request does not specify any port number for this and gets the cookie back in response.
When another call is made to the same server with different port, the cookies are not sent to the server. whereas if I make the call without any port number, the cookies are sent.
What am I missing here? Is there anything needs to be enabled in order for cookie to be sent cross domain. According to RFC 6265, cookies are not port specific, then is it specific browser behavior thats preventing this? I have tried Firefox and chrome and its not working on both.
510
Although this is an old question, I'm posting this for people who encounter the problem and find themselves here. This is likely caused by cross origin policy.
It can be circumvented by making sure your server sends "allow-credentials" CORS headers. And then you need to send your XHR with a "withCredentials" parameter.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
