Reputation: 61
I'm currently making a web app with node/express.js for the API and Vue.js for the front-end.
For the authentication, I set a JWT and send the value via a cookie (HttpOnly). The "Set-Cookie" is in the response request in the Chrome/Firefox debugger, but apparently it is not stored anywhere! When I try to make requests which need the cookie, the request headers don't contain any cookie. I really don't understand why :/. After some research, I thought it was because I was working on localhost, so I moved my server to the cloud and set a fake domain for the front end by modifying the hosts file, but it still doesn't work.
Here is an example of the response request: Response header
Set the cookie on server:

    res.cookie('token', token, {
        path: '/',
        domain: '.shareinfo.io',
        httpOnly: true,
        maxAge: 86400000 // 24h
    });

If someone has an idea or a solution, it would be very nice!
Thank you, regards,
Alvyre
Upvotes: 3
Views: 2775
Reputation: 127
I had this problem for almost a week as well and figured out that setting credentials to true should do the trick. If you are using Vue, use an interceptor so that you don't need to call it per request:

    Vue.http.interceptors.push((request, next) => {
        request.credentials = true;
        next();
    });

Upvotes: 1
Reputation: 61
FINALLY, after banging my head on my computer and some research on forums, I found the issue.
I ignored credentials on the client request, thinking it was not important for authentication, but it was a huge mistake.
In fact, credentials include cookies, so if you don't set credentials to 'true' when you make your request to your server/API, all returned cookies will be ignored. You have to authorize credentials both on your server and client.
So the final code was to add this option variable to my POST request (with Vue.js):

    // Request options (CORS)
    var options = {
        headers: {
        },
        credentials: true
    };
    // Make your HTTP request:
    this.$http.post(<url>, payload, options).then((response) => {
        // success
    }, (response) => {
        // error
    });

Upvotes: 2
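
The server half of "authorize credentials both on your server and client", as an added example that is not part of the original answers: an Express-style `(req, res, next)` middleware that allows credentialed cross-origin requests only from an explicit allow-list. The names `ALLOWED_ORIGINS` and `credentialedCors` and the listed origins are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Names and origins are assumed/constructed.
const ALLOWED_ORIGINS = new Set([
  'https://app.shareinfo.io', // constructed front-end origin
  'http://localhost:8080',    // constructed development origin
]);

function credentialedCors(allowedOrigins = ALLOWED_ORIGINS) {
  return function (req, res, next) {
    const origin = req.headers.origin; // Node lowercases header names
    const isPreflight = req.method === 'OPTIONS' &&
      Boolean(req.headers['access-control-request-method']);

    // The response differs per Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');

    if (!origin || !allowedOrigins.has(origin)) {
      // No CORS headers for unknown origins: the browser refuses to expose
      // the response to the calling page. This limits reads only; it is not
      // a CSRF defence for state-changing routes.
      if (isPreflight) { res.statusCode = 403; return res.end(); }
      return next();
    }

    // With credentials, browsers reject "Access-Control-Allow-Origin: *".
    // Echo the origin only after it has matched the allow-list.
    res.setHeader('Access-Control-Allow-Origin', origin);
    res.setHeader('Access-Control-Allow-Credentials', 'true');

    if (isPreflight) {
      // Answer the preflight here; it never reaches the route handlers.
      res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE');
      res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
      res.statusCode = 204;
      return res.end();
    }
    next();
  };
}
```

In an Express app this would be registered with `app.use(credentialedCors())` before the routes that call `res.cookie(...)`.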