
I have a frontend on https://somedomain.dev (Angular) and an API on https://api.somedomain.dev (so I have the same domain but a different subdomain - this is important because for entirely different domains Safari will block all cookies). I send 3 requests to the API in the following order:

  • POST /api/user/login - in the response the server sets an HttpOnly cookie (with the authorisation token: JWT)
  • GET /api/user/profile - to get the user profile (the browser should add the cookie to the request)
  • GET /api/buildings - to get buildings (the browser should add the cookie to the request)

Problem: Safari adds the cookie only for GET profile and does NOT add the cookie to GET buildings (Chrome, Firefox and Edge add the cookie to each GET request).

All requests details (headers etc.):

Question: Why does Safari not add the cookie to the buildings request, and what can I do to force Safari (using JavaScript or server code) to add the cookie to all requests (after login)?

  • And you are using withCredentials on both requests? Commented Apr 23, 2020 at 12:56
  • @David - yes - on all requests (I use an interceptor to do it) Commented Apr 23, 2020 at 12:58

1 Answer

OK - after a loooong time analysing the requests I finally found the problem - in the login response the server set the cookie lifetime in the Set-Cookie header by

Max-Age: 43200; 

this works on Chrome, Firefox and Edge - but NOT on Safari (probably Safari treats this as a 1s cookie lifetime and this is why it adds the cookie only for the first GET request) - so I changed it to

max-age=43200; 

and now it works everywhere :)
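
A check for this class of mistake, as an added example that is not part of the original answer: it splits a Set-Cookie value into attributes following the rules in RFC 6265 section 5.2 and reports any attribute a user agent would not recognise, such as one written with ":" instead of "=". The cookie name, token value and the function name `lintSetCookie` are constructed for illustration.

```javascript
// Added example: lint one Set-Cookie header value using the attribute
// splitting rules of RFC 6265 section 5.2. Sample headers are constructed.
const KNOWN = new Set(["expires", "max-age", "domain", "path",
                       "secure", "httponly", "samesite"]);

const BROKEN = "token=CONSTRUCTED.JWT.VALUE; Max-Age: 43200; Path=/; HttpOnly; Secure";
const FIXED  = "token=CONSTRUCTED.JWT.VALUE; max-age=43200; Path=/; HttpOnly; Secure";

function lintSetCookie(header) {
  const [pair, ...rawAttrs] = header.split(";");
  const eq = pair.indexOf("=");
  const result = { name: eq < 1 ? "" : pair.slice(0, eq).trim(), attrs: {}, problems: [] };
  if (eq < 1) result.problems.push("cookie pair is not name=value");

  for (const raw of rawAttrs) {
    const av = raw.trim();
    if (av === "") continue;                    // a trailing ";" is harmless
    const i = av.indexOf("=");
    // Without "=", the whole string is taken as the attribute name.
    const key = (i === -1 ? av : av.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : av.slice(i + 1).trim();
    if (!KNOWN.has(key)) {
      const hint = /^[a-z-]+\s*:/.test(key) ? ' (uses ":" where "=" is required)' : "";
      result.problems.push(`unrecognised attribute "${av}"${hint}`);
      continue;                                 // unknown attributes are ignored
    }
    if (key === "max-age" && !/^-?\d+$/.test(val)) {
      result.problems.push(`Max-Age value "${val}" is not an integer`);
      continue;
    }
    result.attrs[key] = val;
  }
  // A cookie carrying an auth token should have both of these flags.
  for (const flag of ["httponly", "secure"]) {
    if (!(flag in result.attrs)) result.problems.push(`missing ${flag} flag`);
  }
  return result;
}

console.log(lintSetCookie(BROKEN).problems);
console.log(lintSetCookie(FIXED).problems);
```

Running it against the login response in an API integration test catches a dropped lifetime attribute before it shows up as a browser-specific session problem.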
