Reputation: 2594
I couldn't think of any suitable title.
I have two websites under my control. Domain A and domain B. Domain B sets all required CORS header for domain A.
Domain A makes an ajax request to domain B. With this request a session on domain B is created and a cookie with a jsessionid is sent back.
Domain A makes another ajax request with the just received cookie. Some value are set on the session of domain B. This does work as expected.
Then, when I open a new tab and browse to domain B the browser does not send the cookie from the ajax requests. Why is that?
Is the cookie from the ajax requests only temporarily valid and only valid for ajax requests?
Additional testing
The above described behavior applies to IE 11. I just did a test in latest Chrome and it does not work at all. No cookie is sent with any subsequent ajax requests.
Example request:
$.ajax({
url: url,
success: function() {
// do something
},
xhrFields: {
withCredentials: true
}
});
Upvotes: 2
Views: 1539
Reputation: 1039588
Try setting the withCredentials
flag when making your AJAX requests:
$.ajax({
url: 'http://www.domainb.com/some-resource',
type: 'GET',
xhrFields: { withCredentials: true },
});
This will force the browser to persist the cookie that has been set during a cross domain request and send it automatically on subsequent calls.
UPDATE:
I have setup a working example here: https://jsfiddle.net/bhL0vqe3/4/
Upvotes: 1