Menu
We are working on a RESTful Webservice with AngularJS and Java Servlets. When the user logs in, our backend sends a "Set-Cookie" header to the frontend. In Angular we access the header via $cookies (ngCookie - module) and set it. 
Now that the user is logged in he can for example delete some stuff. Therefore the frontend sends a GET request to the backend. Because we work on different domains we need to set some CORS Headers and Angular does an OPTIONS request before the actual GET request:
OPTIONS request: 
GET request 
We do this in Angular via $http module, but it just won't send the cookie, containing JSESSIONID.
How can I enable Angular to send cookies?
249
If the server doesn't allow credentials being sent along, the browser will just not attach cookies and authorization headers. So this could be another reason why the cookies are missing in the POST cross-site request.
After receiving an HTTP request, a server can send one or more Set-Cookie headers with the response. The browser usually stores the cookie and sends it with requests made to the same server inside a Cookie HTTP header.
To add cookies to a request for authentication, use the header object that is passed to the get/sendRequest functions. Only the cookie name and value should be set this way. The other pieces of the cookie (domain, path, and so on) are set automatically based on the URL the request is made against.
After receiving an HTTP request, a server can send one or more Set-Cookie headers with the response. The cookie is usually stored by the browser, and then the cookie is sent with requests made to the same server inside a Cookie HTTP header. An expiration date or duration can be specified, after which the cookie is no longer sent.
An HTTP response can include multiple Set-Cookie headers. The client returns multiple cookies using a single Cookie header. The scope and duration of a cookie are controlled by following attributes in the Set-Cookie header: Domain: Tells the client which domain should receive the cookie.
To set a cookie, the server includes a Set-Cookie header in the response. The format of a cookie is a name-value pair, with optional attributes. For example: Here is an example with attributes: To return a cookie to the server, the client includes a Cookie header in later requests.
After receiving an HTTP request, a server can send one or more Set-Cookie headers with the response. The browser usually stores the cookie and sends it with requests made to the same server inside a Cookie HTTP header.
In your config, DI $httpProvider and then set withCredentials to true:
.config(function ($httpProvider) { $httpProvider.defaults.withCredentials = true; //rest of route code }) Info on angularjs withCredentials: http://docs.angularjs.org/api/ng.$http
Which links to the mozilla article: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#section_5
168
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
