Cookies not sent by the browser on one server with another port

Question

Cookies not sent by the browser on one server with another port

I am sending an httponly / secure cookie to the client from my default port server. The request from the client does not indicate the port number for this and returns a cookie in response.

When another call is made to the same server with a different port, cookies are not sent to the server. whereas if I make a call without a port number, cookies are sent.

What am I missing here? Should something be needed for the cookie to be sent through the cross domain. According to RFC 6265, cookies are not specific to the port, is this specific browser behavior that prevents this? I tried Firefox and chrome and it did not work on both.

+6

http browser firefox google-chrome cookies

user3565529 Feb 18 '16 at 3:58

source share

1 answer

Zappatta · Answer 1 · 2019-04-30T14:15:38+0000

Although this is an old question, I am posting it to people who have run into a problem and ended up here. This is likely due to cross-origin policies.

This can be circumvented by making sure your server sends CORS " allow-credentials " headers . And then you need to send your XHR with the withCredentials parameter .

Cookies not sent by the browser on one server with another port

More articles: