Login: jQuery's AJAX doesn't handle Set-Cookie header
ColoredCarrot opened this issue · 1 comments
submit.js: after successful authentication, the server sends a Set-Cookie header along with the response containing `znews_auth=(some token)`. This cookie is not saved by the browser (at least not visibly, but even if it were being saved behind the scenes, it is not sent with other requests).
The Set-Cookie header functions properly on the (test) page /admin/index, setting the cookie (according to AdminIndexResource) and sending it with subsequent requests.
A solution may be not to log in through ajax but redirect to a success page, which could set the cookie. However, that goes against current design decisions.
Update: The reason for the bug was that the resource responding with Set-Cookie was located on `/api/...`, but the cookie must be set on `/admin/*`. I'm currently implementing a fix.
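
Why a cookie set by a response under `/api/` is not sent to `/admin/*`, as an added example that is not part of the original issue or the project's code. It implements the RFC 6265 default-path and path-match rules, assuming the login response carried no `Path` attribute; `/api/login` and `TOKEN` are constructed stand-ins.

```javascript
// RFC 6265 section 5.1.4: default path used when Set-Cookie has no usable Path.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a stored cookie path cover a request path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // Prefix must end on a segment boundary, so /admin does not cover /administrator.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Path the browser stores for a Set-Cookie header that arrived in the
// response to a request for `responsePath`. The last Path attribute wins.
function storedCookiePath(setCookie, responsePath) {
  let path = null;
  for (const attr of setCookie.split(";").slice(1)) {
    const eq = attr.indexOf("=");
    const name = (eq < 0 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq < 0 ? "" : attr.slice(eq + 1).trim();
    if (name === "path") path = value.startsWith("/") ? value : null;
  }
  return path === null ? defaultPath(responsePath) : path;
}

// Would the browser attach the cookie to a later request for `requestPath`?
function isSent(setCookie, responsePath, requestPath) {
  return pathMatches(requestPath, storedCookiePath(setCookie, responsePath));
}

const LOGIN = "/api/login";   // constructed: some endpoint under /api/
const ADMIN = "/admin/index"; // test page named in the issue

// No Path attribute: cookie is scoped to /api and never reaches /admin/*.
console.log(isSent("znews_auth=TOKEN", LOGIN, ADMIN));
// Explicit Path=/admin: same response, cookie now accompanies /admin/* requests.
console.log(isSent("znews_auth=TOKEN; Path=/admin", LOGIN, ADMIN));
// Set from /admin/index itself: default path is /admin, so it already worked.
console.log(isSent("znews_auth=TOKEN", ADMIN, ADMIN));
```
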