Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting a cookie domain to an IP address (using CORS)

I have a JavaScript application hosted at x.com which uses AJAX (through jQuery) to contact an Apache server hosted on the LAN environment (with a static IP, 192.168.1.5).

The Apache server exposes an API which requires the user to have a specific cookie set to use it.

My problem is that I can't get the Apache server to set a cookie with the correct domain (192.168.1.5), so that the browser sends the cookie with the AJAX call.

Is there any way to set a cookie with an IP as the domain? All examples I have seen require that the domain is of the form example.org.

The scenario is as follows:

  1. The JavaScript application at x.com sends an AJAX authentication request to 192.168.1.5.
  2. The response from 192.168.1.5 has a Set-Cookie header which should set the cookie to the 192.168.1.5 domain.
  3. The JavaScript application at x.com sends an AJAX request to the API at 192.168.1.5 with the cookie from step 2 as a part of the request.
like image 798
pwind Avatar asked Oct 06 '22 11:10

pwind


1 Answers

Both server and client need to explicitly tell the other that they want cookies.

JavaScript

xhrInstance.withCredentials = true;

Server Header

Access-Control-Allow-Credentials: true

https://developer.mozilla.org/en-US/docs/HTTP_access_control#Requests_with_credentials

To sum it up: it has nothing to do with the IP address. The host of the cookie can be an IP address or a domain name.

like image 127
Prinzhorn Avatar answered Oct 10 '22 01:10

Prinzhorn