All geek questions in one place

Set cookie domain to IP address (using CORS)

I have a JavaScript application hosted on x.com that uses AJAX (via jQuery) to communicate with an Apache server hosted on a local network (with static IP, 192.168.1.5).

The Apache server provides an API that requires the user to have a specific set of cookies to use it.

My problem is that I cannot force the Apache server to set a cookie with the correct domain (192.168.1.5) so that the browser sends an cookie with an AJAX call.

Is it possible to set a cookie with an IP address as a domain? All the examples I've seen require the domain to be in the form example.org.

The scenario is as follows:

  • The JavaScript application on x.com sends an AJAX authentication request to 192.168.1.5 .
  • The response from 192.168.1.5 has a Set-Cookie header that should set a cookie in the 192.168.1.5 domain.
  • The JavaScript application on x.com sends an AJAX request to the API at 192.168.1.5 with a cookie from step 2 as part of the request.
+4
source share
1 answer

Both server and client must explicitly tell others that they want cookies.

Javascript

 xhrInstance.withCredentials = true;

Server header

 Access-Control-Allow-Credentials: true

https://developer.mozilla.org/en-US/docs/HTTP_access_control#Requests_with_credentials

To summarize: it has nothing to do with the IP address. host cookie host can be an IP address or domain name.

+3
source

Source: https://habr.com/ru/post/1437122/

More articles:


All Articles