Problem with sending cookies #311

Closed
MykytaLiashenko opened this issue Apr 11, 2016 · 4 comments

Comments

@MykytaLiashenko

I have a react-redux application and a server on Node.js. I do authentication using jsonwebtoken. After I receive the token on the client side, I put it inside an httpOnly cookie. Next I make an authorized request to the API with the flag credentials: 'include', but I receive an empty object instead of the cookie on the server.
I tried twice. First on localhost and second using two AWS EC2 instances. Same result: I can't get my cookie. I don't know if it is an issue, but it could be, and I want to know how to send the cookie properly.

@dgraham
Contributor

dgraham commented Apr 11, 2016

An HttpOnly cookie may only be set by the server in an HTTP response. Client-side scripts cannot read or send HttpOnly cookies—they must be managed by the browser and server.

See #236, #163, and #138 for cookie discussions.

@dgraham dgraham closed this as completed Apr 11, 2016
@MykytaLiashenko
Author

Thanks for your answer. Unfortunately, the problem is still not solved. I am setting cookies with res.cookie() on the Node.js server, then I make a fetch with the credentials: 'include' option and I have no cookie in the request according to my server log.

@mislav
Contributor

mislav commented Apr 11, 2016

I'm sorry that your problem isn't solved yet. The thing with cookies is that their handling is left entirely to the browser. In browsers that support window.fetch natively, such as Chrome and Firefox at the time of this writing, cookies will be handled hopefully according to the WHATWG fetch spec. If you see that's not the case, then you'll have to take it up with the respective browser's bug trackers.

In other browsers, such as Safari and IE, this polyfill will kick in and implement fetch using XMLHttpRequest as the underlying implementation. In this case, we also don't have any way of manipulating how cookies are handled—that is left entirely to the browser's implementation of XMLHttpRequest. So, it's very unlikely that this project (the polyfill) can break cookie handling because it never had any access to it in the first place.

Most people's problems with cookies in the past ultimately boiled down to their improper approach to cross-origin requests (CORS). If the requests that you're making with fetch are to another domain name (or a different port number even), you will have to double-check all the server headers that can affect CORS requests. Other than this, we can't really help you with this particular authentication problem. If everything else fails, you can always implement authentication not using cookies, but exchanging some kind of token manually via custom headers or URL query parameters.
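
The server headers that decide whether a cross-origin `credentials: 'include'` request passes, shown as an added example that is not part of the original thread or the polyfill's code. `corsCheck` follows the CORS check steps of the WHATWG Fetch spec; the allowlist, origins and function names are constructed for illustration.

```javascript
// Assumed front-end origin (constructed value); the API runs on another origin.
const ALLOWED_ORIGINS = new Set(['http://localhost:3000']);

// Server side: CORS response headers for a given request Origin header.
// Only allowlisted origins are echoed back. Reflecting any Origin together
// with Allow-Credentials would let every site read authenticated responses.
function corsHeadersFor(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'access-control-allow-origin': origin,
    'access-control-allow-credentials': 'true',
    'vary': 'Origin', // response depends on Origin, so caches must key on it
  };
}

// Browser side: the CORS check a cross-origin response must pass.
// credentials is the fetch() option: 'omit' | 'same-origin' | 'include'.
function corsCheck(requestOrigin, credentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // The wildcard is honoured only when no credentials are involved.
  if (credentials !== 'include' && allowOrigin === '*') {
    return { ok: true, reason: 'wildcard, no credentials' };
  }
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: 'Access-Control-Allow-Origin does not match origin' };
  }
  if (credentials !== 'include') {
    return { ok: true, reason: 'origin match, no credentials' };
  }
  // With credentials the header must be the exact, case-sensitive string "true".
  if (headers['access-control-allow-credentials'] === 'true') {
    return { ok: true, reason: 'origin match, credentials allowed' };
  }
  return { ok: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
}

// Constructed cases: a correct server, then a wildcard server.
const origin = 'http://localhost:3000';
console.log(corsCheck(origin, 'include', corsHeadersFor(origin)));
console.log(corsCheck(origin, 'include', { 'access-control-allow-origin': '*' }));
```

When reading server logs, note that the preflight `OPTIONS` request never carries cookies, and that a `Set-Cookie` on a cross-origin response is only stored when the request itself was made with credentials included.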

@aqnaruto

I agree with you, CORS with cookies has never worked! @mislav @NikitaLiashenko

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 5, 2020