Hi, I finally decided to solve this problem:
Client side, in angularJS I put this in my config-route to apply to all requests in the ReST-API
$httpProvider.defaults.withCredentials = true;
I think that basically I should use in .htaccess for the web server:
Header add Access-Control-Allow-Credentials "true"
but for your attention, I completely updated the entire .htaccess file:
Header add Access-Control-Allow-Origin "http://localhost:3000" Header add Access-Control-Allow-Credentials "true" Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header add Access-Control-Allow-Methods "GET, POST" RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [QSA,L] <FilesMatch "\.php$"> Order Allow,Deny Deny from all </FilesMatch> <FilesMatch "index[0-9]?\.php$"> Order Allow,Deny Allow from all </FilesMatch>
I also use the following for JSON response in php: $ response = "desired OBJECT JSON response"; $ status = 'OK or unauthenticated or ...'; $ status = '200 or 403 or ...'; Title ("Content-Type: Application / JSON"); header ("HTTP / 1.1 $ status $ status_message"); echo json_encode ($ response); Output();
Hope this question and answer help you