1

I'm making a call to the WebApi service, which sets the cookie in the response object. The call is made from angularjs via $resource So this is the server code:

CookieHeaderValue cookie = new CookieHeaderValue("Token", "blah") { HttpOnly = true, Expires = DateTime.Now.AddYears(10), Path="/"  };
response.Headers.AddCookies(new CookieHeaderValue[] { cookie });

This works, I can see the Set-Cookie header in a response, however the cookie is not being set.

A friend of mine had to set xhrFields' withCredentials to true when he was using jQuery, so I wonder if there's something that needs to be configured in angular as well ?

Improve this question
3
  • Is the api on the same domain as the page making the request? Commented Mar 5, 2013 at 0:53
  • No, different domains. Commented Mar 5, 2013 at 17:40
  • @Evgeni did you got the answer? because i'm stuck in the same situation. Commented Jan 10, 2017 at 6:52

1 Answer 1

Reset to default
1

There could be a number of things going on.

First, since you are on separate domains, you may need to implement CORs (cross origin resource sharing), but it seems that the request is being made successfully. I'm not sure why that works, I would think that browsers would prevent it. In any case here's a jsfiddle that illustrates using CORs with angularjs to make both $http & $resource requests. The trick seems to be to configure the $http service:

 $http.defaults.useXDomain = true;

Another thought is that cookies from one domain, can't be accessed by another domain. Here is another question on cookies with angularjs, but the request and server seem to be on the same domain. Here is a discussion on cookie domains, and how they are applied.

If it's possible I would try to get the cookie request/response working on the same domain, and then move the client to another domain.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

According to this groups.google.com/forum/?fromgroups=#!topic/angular/kl2BVOubG4I - there's no such option as useXDomain. Tried it anyway, didn't make a difference. Also, I should've made myself more clear - although the client sits on a different domain, it is a server setting and reading the cookie, so CORS should be irrelevant in this case, I think. It is an ajax call, but from a browser point of view this makes no difference, afaik.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.