3

I'm currently making a web app with node/express.js for the API and Vue.js for the front-end.

For the authentication, I set a JWT and send the value via a cookie (HttpOnly). The "SetCookie" is in the response request in Chrome/Firefox debugger but apparently it is not stored anywhere ! When I try to make requests which need the cookie, the requests headers don't contain any cookie. I really don't understand why :/. After some researches, I thought it was because I was working on localhost, so I moved my server on the cloud and set a false domain for the front by modifying the hosts file, but it still doesn't work.

here an example of response request : Response header

Set the cookie on server:

res.cookie('token', token, { path: '/', domain: '.shareinfo.io', httpOnly: true, maxAge: 86400000 // 24h });

If someone has an idea or a solution, it would be very nice !

Thank you, regards,

Alvyre

Improve this question

2 Answers 2

Reset to default
2

FINALLY, after some head bangs on my computer and researches on forums, I found the issue.

I ignored credentials on client request, thinking it was not important for authentication, but it was a huge mistake.

In fact credentials include cookies, so if you don't set credentials to 'true' when you make your request to your server/API, all returned cookies will be ignored. you have to authorize credentials both on your server and client.

so the final code was to add this option variable to my POST request : (with Vue.js)

//Request options (CORS) var options = { headers: { }, credentials: true }; //Make your HTTP request: this.$http.post(<url>, payload, options).then((response) => { //success }, (response) => { //error });
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I have this problem for almost a week as well and figured out that setting credential to true should do the trick. If you are using Vue use an interceptor so that you don't need to call it per request

Vue.http.interceptors.push((request, next) => { request.credentials = true; next(); });
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.