Cookie not set when posting with fetch()

Question

Alright, so I have come across a rather weird problem.

I am creating a login instance for users.

When I post the login form without fetch() it works. My browser (both Firefox and Chrome) sets the cookie properly and I can be "authenticated".

However, when I send the data via fetch() it does not setcookie() in the backend.

NOTE: The assumption is that the credentials are correct.

This is my PHP login script

$user = htmlentities($_POST['username'], ENT_QUOTES);
$pass = htmlentities($_POST['password'], ENT_QUOTES);
$remember = isset($_POST['rememberme']) ? true : false;

$login = $PHPAuth['auth']->login($user, $pass, $remember);

/**
 * $PHPAuth == [
 *   'config' => PHPAuthConfig(),
 *   'auth'   => PHPAuth()
 */ 


if($login['error']) {
    echo json_encode($login);
} else {
    // create new cookie
   setcookie(
       $PHPAuth['config']->cookie_name,
       $login['hash'],
       $login['expire'],
       '/',          # path
       'localhost',  # domain
       false,        # HTTPS
       true          # HTTP-ONLY
    );
    echo json_encode($login);
}

The fetch() script is at its bare minimum, only requesting body and method. I removed any extra headers to see if it would help. It didn't:

function postForm(url, data) {
  return fetch(url, {
      body: data,
      method: 'post'
    })
    .then(response => response.json());
}

FOR REFERENCE: I am using this PHPAuth library.

Answer 1

By default, fetch does not have cookies enabled, you can do so by adding the credentials option and setting it to same-origin:

function postForm(url, data) {
  return fetch(url, {
      credentials: "same-origin",
      body: data,
      method: 'post'
    })
    .then(response => response.json());
}

Read more about Request.credentials at MDN.