Reputation: 2594
Cross origin, cookies and session
I couldn't think of any suitable title.
I have two websites under my control. Domain A and domain B. Domain B sets all required CORS header for domain A.
Domain A makes an ajax request to domain B. With this request a session on domain B is created and a cookie with a jsessionid is sent back.
Domain A makes another ajax request with the just received cookie. Some value are set on the session of domain B. This does work as expected.
Then, when I open a new tab and browse to domain B the browser does not send the cookie from the ajax requests. Why is that?
Is the cookie from the ajax requests only temporarily valid and only valid for ajax requests?
Additional testing
The above described behavior applies to IE 11. I just did a test in latest Chrome and it does not work at all. No cookie is sent with any subsequent ajax requests.
Example request:
$.ajax({
url: url,
success: function() {
// do something
},
xhrFields: {
withCredentials: true
}
});
Upvotes: 2
Views: 1539
Answers (1)
Reputation: 1039588
Try setting the withCredentials flag when making your AJAX requests:
$.ajax({
url: 'http://www.domainb.com/some-resource',
type: 'GET',
xhrFields: { withCredentials: true },
});
This will force the browser to persist the cookie that has been set during a cross domain request and send it automatically on subsequent calls.
UPDATE:
I have setup a working example here: https://jsfiddle.net/bhL0vqe3/4/
Upvotes: 1
Related Questions
- Keeping the cookie after a cross-domain ajax request
- Jquery Ajax CORS + HttpOnly Cookie
- Cookies are not set from Cross domain AJAX request
- Send Ajax request with custom cookies to another domain
- Can Ajax make a Cross-Origin Login?
- Cookies on cross domain requests
- Cross Domain Cookies with jQuery and jQuery Cookie
- Using Ajax with Cookies
- multi-sub-domain cookies and ajax problems
- jQuery/Ajax requests on a Cross Site server don't use the (auth) cookie set on that server