Reputation: 1145
I have a simple jQuery AJAX POST code:
    $.ajax({
        type: "POST",
        url: AppConstants.URLs.PROXY,
        data: message,
        xhrFields: {
            withCredentials: true
        },
        success: function(data, status, xhr) {
            console.log("Cookie: " + xhr.getResponseHeader("Set-Cookie"));
        }
    });
and I wish to get the cookie and save it using cookies-js.
But according to http://www.w3.org/TR/XMLHttpRequest/#the-getallresponseheaders%28%29-method:
- Return all response headers, excluding headers that are a case-insensitive match for Set-Cookie or Set-Cookie2, as a single string, with each header line separated by a U+000D CR U+000A LF pair, excluding the status line, and with each header name and header value separated by a U+003A COLON U+0020 SPACE pair.
Using the Network tool in Chrome, "Set-Cookie" is visible in the Response headers. I also verified that the "Set-Cookie" header appears using curl.
What do I have to do to save the cookie in my front end app? Also, my app is running on https only.
I'd gladly provide more details upon request.
Upvotes: 11
Views: 67948
Reputation: 943547
You can't get the cookie data in your JS. The API won't allow you.
> What do I have to do to save the cookie in my front end app?
Just set the Set-Cookie header in the response from the server side code. The browser should save it automatically.
As a developer, you may be able to inspect the value of the cookies using "Developer Tools".
And the same cookie will be sent in subsequent requests to the same domain, until the cookie expires.
Upvotes: 16
Reputation: 20768
The browser cannot give access to 3rd party cookies like those received from ajax requests for security reasons; however, it takes care of those automatically for you!
For this to work you need to:
1) login with the ajax request from which you expect cookies to be returned:
    $.ajax("https://example.com/v2/login", {
        method: 'POST',
        data: {login_id: user, password: password},
        crossDomain: true,
        success: login_success,
        error: login_error
    });
2) Connect with xhrFields: { withCredentials: true } in the next ajax request(s) to use the credentials saved by the browser
    $.ajax("https://example.com/v2/whatever", {
        method: 'GET',
        xhrFields: { withCredentials: true },
        crossDomain: true,
        success: whatever_success,
        error: whatever_error
    });
The browser takes care of these cookies for you even though they are not readable from the headers nor the document.cookie.
See my answer here: How to get a cookie from an AJAX response?
Upvotes: 9
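The server side of the exchange discussed in this thread, as an added example that is not code from the question or either answer: it builds the response headers a credentialed cross-origin login needs and models the getAllResponseHeaders() rule quoted in the question, showing that Set-Cookie is present on the wire but absent from what script can read. The origin allow-list, the cookie name "sid", the session id and all function names are assumptions made for illustration.

```javascript
// Added example, not code from the thread. The origin allow-list, the cookie
// name "sid" and the session id passed in are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// CORS headers for a credentialed (withCredentials: true) request. Browsers
// reject "Access-Control-Allow-Origin: *" on such requests, so the server
// echoes an allow-listed origin and sends Access-Control-Allow-Credentials.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  return [
    ["Access-Control-Allow-Origin", origin],
    ["Access-Control-Allow-Credentials", "true"],
    ["Vary", "Origin"],
  ];
}

// Login response: the session cookie is stored by the browser itself.
// HttpOnly keeps it out of document.cookie, Secure restricts it to https,
// SameSite=None lets it accompany cross-site XHR.
function loginResponse(origin, sessionId) {
  const cors = corsHeaders(origin);
  if (cors === null) return { status: 403, headers: [] };
  const cookie = `sid=${sessionId}; Path=/; Secure; HttpOnly; SameSite=None`;
  return { status: 200, headers: [...cors, ["Set-Cookie", cookie]] };
}

// Model of only the rule quoted in the question: getAllResponseHeaders()
// omits any header whose name matches Set-Cookie or Set-Cookie2, ignoring
// case. Other filtering a browser applies to responses is not modelled.
function scriptVisibleHeaders(headers) {
  const hidden = new Set(["set-cookie", "set-cookie2"]);
  return headers
    .filter(([name]) => !hidden.has(name.toLowerCase()))
    .map(([name, value]) => `${name}: ${value}`)
    .join("\r\n");
}
```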