Browser does not save cookie from response header

I'm trying to do something that should be simple: set a cookie! But the browser (tested in Chrome and Safari) just ignores it. The response headers look like this:

    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Origin:*
    Connection:keep-alive
    Content-Encoding:gzip
    Content-Type:application/json; charset=utf-8
    Date:Wed, 19 Jul 2017 04:51:51 GMT
    Server:nginx
    Set-Cookie:UserAuth=<some jwt>; Path=/; Domain=10.10.1.110; Expires=Wed, 19 Jul 2017 12:51:51 GMT; HttpOnly; Secure
    Transfer-Encoding:chunked
    Vary:Origin

The request includes withCredentials=true. But the cookie section in Chrome is empty. I tried completely removing the domain, removing the path, and every configuration that I can think of, but the browser just won't play ball.

What am I missing?

+5
2 answers

So it turns out that the original request had "withCredentials = true" as a request header, and it was not set in the XMLHttpRequest configuration object.

0

Your cookie is showing HttpOnly; Secure;

Using the HttpOnly flag when creating a cookie helps reduce the risk of client-side script access to a secure cookie.

The purpose of the Secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of cookies in clear text. By setting the Secure flag, the browser will prevent the transmission of the cookie over an unencrypted channel.

Cookies will be interrupted when passing through HTTP with a secure flag in the TLS layer. Therefore, check your preferences and configure your cookies accordingly.

0
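The points raised in the two answers above, combined in one added example (not code from the thread): a JavaScript checker that takes the request configuration and the response headers quoted in the question and lists why the cookie would not be usable. The page origin `http://localhost:8080`, the `/api/login` path and the finding names are assumptions made for illustration.

```javascript
// Added example, not code from the thread. PAGE_ORIGIN and the /api/login path are assumed.
const PAGE_ORIGIN = "http://localhost:8080";
// Response headers as quoted in the question (JWT left as the page's placeholder).
const QUESTION_HEADERS = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Origin": "*",
  "Set-Cookie": "UserAuth=<some jwt>; Path=/; Domain=10.10.1.110; " +
    "Expires=Wed, 19 Jul 2017 12:51:51 GMT; HttpOnly; Secure",
};

function diagnoseCookie({ pageOrigin, requestUrl, xhrWithCredentials, requestHeaders, responseHeaders }) {
  const findings = [];
  const url = new URL(requestUrl);
  const crossOrigin = url.origin !== pageOrigin;
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const reqNames = Object.keys(requestHeaders).map((k) => k.toLowerCase());

  // The mistake from the first answer: a header named "withCredentials" does nothing.
  if (reqNames.includes("withcredentials")) findings.push("withCredentials-sent-as-header");
  // Only the XHR property (xhr.withCredentials = true) makes the request credentialed;
  // without it, Set-Cookie on a cross-origin response is ignored.
  if (crossOrigin && !xhrWithCredentials) findings.push("request-not-credentialed");

  if (crossOrigin && xhrWithCredentials) {
    // A credentialed response fails the CORS check unless the exact origin is echoed ("*" is refused).
    if (h["access-control-allow-origin"] !== pageOrigin) findings.push("allow-origin-must-equal-page-origin");
    if (h["access-control-allow-credentials"] !== "true") findings.push("allow-credentials-missing");
  }
  // Cookie attribute names are case-insensitive; the first segment is name=value.
  const attrs = (h["set-cookie"] || "").split(";").slice(1).map((a) => a.trim().toLowerCase());
  // The second answer's point: a Secure cookie is not accepted over plain http://.
  if (attrs.includes("secure") && url.protocol !== "https:") findings.push("secure-cookie-over-http");
  return findings;
}

// The request as first written in the question: flag sent as a header, property unset.
const asPosted = diagnoseCookie({
  pageOrigin: PAGE_ORIGIN,
  requestUrl: "https://10.10.1.110/api/login",
  xhrWithCredentials: false,
  requestHeaders: { withCredentials: "true" },
  responseHeaders: QUESTION_HEADERS,
});
console.log(asPosted);
```
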

Source: https://habr.com/ru/post/1269957/

