I'm AJAXing a call to another service's API, which is then supposed to return a cookie that will be set in my browser to allow me to make the rest of my API calls.
However, while the response headers include a 'Set-Cookie' header, no cookie is ever actually set. I'm using Google Chrome.
Here are the response headers:
Access-Control-Allow-Origin:*
Cache-Control:no-cache
Connection:keep-alive
Content-Encoding:gzip
Content-Length:37
Content-Type:application/json
Date:Thu, 25 Jun 2015 18:27:37 GMT
Expires:Thu, 25 Jun 2015 18:27:36 GMT
Server:nginx/1.4.6 (Ubuntu)
Set-Cookie:sessionid=67cb9796aa794a4975b28876ea6dd3d5; expires=Thu, 09-Jul-2015 18:27:37 GMT; httponly; Max-Age=1209600; Path=/
Vary:Cookie
And here is the AJAX call:
$.ajax({
    type: "POST",
    crossDomain: true,
    contentType: 'text/plain',
    data: data,
    url: urlhere, // placeholder for the other service's API URL
    success: function(result, status, xhr){
        console.log('hi');
        console.log(xhr.getAllResponseHeaders());
    },
    error: function(xhr){
        console.log(xhr.status);
        console.log(xhr.statusText);
    }
});
The Chrome resources page also shows that no cookie is being set. Any and all help would be greatly appreciated!
Check whether the OPTIONS response header Access-Control-Allow-Credentials is set to true. If the server doesn't allow credentials being sent along, the browser will just not attach cookies and authorization headers. So this could be another reason why the cookies are missing in the POST cross-site request.
The Set-Cookie header is sent by the server in its response to an HTTP request and is used to create a cookie on the user's system. The Cookie header is included by the client application with an HTTP request sent to a server, if there is a cookie that has a matching domain and path.
To send cookies to the server, you need to add the "Cookie: name=value" header to your request. To send multiple Cookies in one cookie header, you can separate them with semicolons.
The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.
You need to append withCredentials to your XHR call; this answer shows how to do that with jQuery: https://stackoverflow.com/a/7190487
Without that additional flag, the browser will not accept a set-cookie header.
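The checks a browser applies before it stores a cookie from a cross-origin XHR response, written out as an added example (not code from the question or the answers). It also shows that the question's `Access-Control-Allow-Origin:*` is rejected once `withCredentials` is set. The helper names, the origin `https://app.example` and the trimmed sample responses are assumptions constructed for illustration.

```javascript
// Added example: models the browser-side rules for a credentialed cross-origin XHR.
// parseHeaders and diagnoseSetCookie are hypothetical helpers, not a browser API.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.trim().split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Returns { stored, reason } for a response to a cross-origin request from pageOrigin.
function diagnoseSetCookie(pageOrigin, withCredentials, rawHeaders) {
  const h = parseHeaders(rawHeaders);
  const acao = h['access-control-allow-origin'];
  if (!('set-cookie' in h)) return { stored: false, reason: 'no-set-cookie' };
  if (acao === undefined) return { stored: false, reason: 'no-cors-headers' };
  // Without credentials mode, cookies in a cross-origin response are ignored.
  if (!withCredentials) return { stored: false, reason: 'credentials-not-requested' };
  // With credentials, the wildcard is not accepted: the origin must match exactly.
  if (acao === '*') return { stored: false, reason: 'wildcard-origin' };
  if (acao !== pageOrigin) return { stored: false, reason: 'origin-mismatch' };
  // The value is compared case-sensitively against the literal string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    return { stored: false, reason: 'credentials-not-allowed' };
  }
  return { stored: true, reason: 'ok' };
}

// Constructed sample: the relevant headers from the question, session value redacted.
const PAGE_RESPONSE = [
  'Access-Control-Allow-Origin:*',
  'Content-Type:application/json',
  'Set-Cookie:sessionid=REDACTED; httponly; Max-Age=1209600; Path=/',
].join('\n');

// Constructed sample: what the server would need to send for https://app.example.
const FIXED_RESPONSE = [
  'Access-Control-Allow-Origin: https://app.example',
  'Access-Control-Allow-Credentials: true',
  'Vary: Origin',
  'Set-Cookie: sessionid=REDACTED; HttpOnly; Max-Age=1209600; Path=/',
].join('\n');

console.log(diagnoseSetCookie('https://app.example', false, PAGE_RESPONSE));
console.log(diagnoseSetCookie('https://app.example', true, PAGE_RESPONSE));
console.log(diagnoseSetCookie('https://app.example', true, FIXED_RESPONSE));
```

Echoing one specific allowed origin (with `Vary: Origin`) rather than reflecting any `Origin` value keeps the credentialed endpoint from being readable by arbitrary sites.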