I have an ExtJS application at http://extjs.domain1.com and a Laravel server application at http://domain2.com.
I noticed that some browsers (like Safari or old IE) set very strict cookie privacy settings by default. In the end, if the browser does not accept cookies, my laravel_session cookie cannot be saved and the user cannot log in.
My idea is to display the correct information for the user only if cookies cannot be saved in the current browser. So, when the ExtJS application starts, after its initialization, I send an Ajax GET user request to the server (from domain1.com to domain2.com), and the server returns a Set-Cookie header with a sample cookie. If the cookie is saved, it will mean that the browser settings are in order (please correct me if I am mistaken).
My cookie is currently named Time. The Ajax response in Firebug is as follows:
HTTP/1.1 200 OK
Date: Wed, 03 Feb 2016 12:19:32 GMT
Server: Apache
Set-Cookie: Time=1454511121; expires=Wed, 03-Feb-2016 14:54:11 GMT; Max-Age=9279; path=/; laravel_session=LONG
Cache-Control: no-cache
Access-Control-Allow-Origin: http://extjs.domain1.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Origin, Content-Type
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json
I have tried many combinations. Every time,
console.log(document.cookie)
returns an empty string.
The cookie "Time" is displayed in Firebug > Cookies, and it is NOT HttpOnly.
The "expires" of "Time" is greater than the current browser / computer date.
"" cookie "/" .
"" cookie ".domain1.com", "extjs.domain1.com".
? document.cookie , firefox , -httponly cookie.
.
Set-Cookie :
Set-Cookie:Time=1454511121; expires=Wed, 03-Feb-2016 14:54:11 GMT; Max-Age=7715; path=/;
Set-Cookie:laravel_session=LONG
Set-Cookie, , .
Chrome cookie " " > "" > "-" > " cookie". cookie Dev > > > extjs.domain1.com
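
Added example, not part of the original post: a small model of RFC 6265 cookie scoping applied to the hosts and the Set-Cookie header quoted above, showing which document can read the Time cookie through document.cookie. The function names are hypothetical, and the model assumes the browser accepted the cookie; it ignores Path, Secure, expiry, public-suffix checks and third-party cookie blocking.

```javascript
// Simplified model of RFC 6265 cookie scoping. Function names are hypothetical;
// hosts and the first header come from the post, the second header is constructed.

// RFC 6265 section 5.1.3: identical host, or host ends with "." + domain.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// How a user agent scopes a Set-Cookie value received from responseHost.
// Returns null when the cookie is rejected outright.
function storeCookie(setCookie, responseHost) {
  const [pair, ...attrs] = setCookie.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: responseHost, hostOnly: true, httpOnly: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    if (key === 'domain' && v.trim()) {
      const d = v.trim().replace(/^\./, '').toLowerCase();
      // Section 5.3: a Domain that the responding host does not match
      // causes the whole cookie to be ignored.
      if (!domainMatch(responseHost, d)) return null;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// The string document.cookie would expose to a page served from documentHost.
function visibleToDocument(jar, documentHost) {
  return jar
    .filter(c => c && !c.httpOnly)
    .filter(c => c.hostOnly ? c.domain === documentHost
                            : domainMatch(documentHost, c.domain))
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Header from the post: sent by domain2.com to a page running on extjs.domain1.com.
const timeCookie = storeCookie(
  'Time=1454511121; expires=Wed, 03-Feb-2016 14:54:11 GMT; Max-Age=7715; path=/;',
  'domain2.com');
// Constructed variant: domain2.com trying to scope the cookie to domain1.com.
const foreignDomain = storeCookie('Time=1454511121; Domain=.domain1.com; path=/', 'domain2.com');

console.log(JSON.stringify(visibleToDocument([timeCookie], 'extjs.domain1.com')));
console.log(visibleToDocument([timeCookie], 'domain2.com'));
console.log(foreignDomain);
```

In this model the cookie is stored as a host-only cookie for domain2.com, so a script on extjs.domain1.com never sees it in document.cookie even though the browser kept it. Whether it was kept can only be observed from the domain2.com side, for example by a follow-up credentialed request in which the server reports whether the cookie came back.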