jedireza/aqua

Set cookie on client browser from REST endpoint?

walshe opened this issue · 7 comments

Hi again,
maybe you know the answer to this..

I am trying to store a cookie, e.g. 'xxx', on the client from a REST endpoint in the app, e.g. api/bla, so that I can grab request.state.xxx inside my other routes.

I notice that when I set the cookie from a REST endpoint it is not visible in the browser, and does not get passed to regular browser routes when I hit browser paths, e.g. localhost:8080/users

However, I notice that the cookie IS available in other RESTful routes, e.g. api/foo

Is there some way of telling the xhr library to store the cookie in the browser? I tried the 'withCredentials' config but it didn't work.

Hope you can help,
thanks

Actually I just noticed that after using xhr's 'withCredentials:true', the set-cookie instruction is now in the REST response, however it's still not showing up in the Chrome dev tools cookie pane .. :(

```
cache-control:no-cache
Connection:keep-alive
content-encoding:gzip
content-type:application/json; charset=utf-8
Date:Thu, 10 Aug 2017 17:17:57 GMT
set-cookie:anothercookie=avaluesetbyaRESTendpoint; SameSite=Strict
strict-transport-security:max-age=15768000
Transfer-Encoding:chunked
vary:accept-encoding
x-content-type-options:nosniff
x-download-options:noopen
x-frame-options:DENY
x-xss-protection:1; mode=block
```

Finally figured it out - these two changes are necessary:

Add withCredentials to the jsonFetch xhr config:

```js
const jsonFetch = function (options, callback) {

    const cookies = Cookie.parse(document.cookie);
    const config = {
        url: options.url,
        method: options.method,
        withCredentials: true,    // have xhr include and accept cookies on this request
        headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json'
        }
    };

    // ... rest of jsonFetch not shown in this comment ...
};
```

And when creating a cookie, add a path:

```js
server.state('mycookiename', {
    ttl: 1000 * 60 * 60 * 24,    // 24 hours, in milliseconds
    path: '/'                    // scope the cookie to every route, not just the one that set it
});
```
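Added example, not part of the original comment or of aqua's code: a sketch of the RFC 6265 default-path and path-match rules, which is consistent with the behaviour reported above (a cookie set by api/bla without a Path attribute reaches api/foo but not /users). The function names and the sample inputs are constructed for illustration.

```javascript
'use strict';

// RFC 6265 default-path: scope derived from the URL path of the response that set the cookie.
function defaultPath(requestPath) {
    if (!requestPath || requestPath[0] !== '/') {
        return '/';
    }
    const lastSlash = requestPath.lastIndexOf('/');
    // Only the leading slash present: the default scope is the root.
    return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// RFC 6265 path-match: is a cookie scoped to cookiePath sent with a request for requestPath?
function pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Extract the Path attribute from a Set-Cookie value (last one wins); null if absent or invalid.
function explicitPath(setCookie) {
    let found = null;
    for (const attr of setCookie.split(';').slice(1)) {
        const [name, value = ''] = attr.trim().split('=');
        if (name.toLowerCase() === 'path') {
            found = value.startsWith('/') ? value : null;
        }
    }
    return found;
}

// Combine both rules: would the browser attach this cookie to requestPath?
function cookieSentTo(setCookie, setByPath, requestPath) {
    const scope = explicitPath(setCookie) || defaultPath(setByPath);
    return pathMatches(requestPath, scope);
}

// Constructed inputs modelled on the header and routes quoted in this thread.
const withoutPath = 'anothercookie=avaluesetbyaRESTendpoint; SameSite=Strict';
const withPath = withoutPath + '; Path=/';
for (const target of ['/api/foo', '/users']) {
    console.log(target,
        'no Path:', cookieSentTo(withoutPath, '/api/bla', target),
        'Path=/:', cookieSentTo(withPath, '/api/bla', target));
}
```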

Should we close this?

Dunno man, something is not working right for me.. here is my auth. (After I validate with Google I put the JWT in a cookie in another component, that all works fine, and the following works good too.)

```js
server.auth.strategy('session', 'cookie', {
    password: Config.get('/cookieSecret'),
    cookie: Config.get('/cookieName'),
    isSecure: false,    // session cookie is also sent over plain HTTP
    redirectTo: '/',
    appendNext: 'returnUrl',
    validateFunc: function (request, data, callback) {

        // we simply validate the JWT token that we put in a cookie
        jwtVerificationService.verifyJWT(data, function (err) {

            if (err) {
                callback(err, false);
            }
            else {
                callback(null, true);
            }
        });
    }
});

next();
```

But when I delete the cookie manually so that I can test the authentication on the REST endpoint, although the REST call returns 401, it does not call that callback as mentioned above.. it just does the dispatch and doesn't come back.

Are you talking about #238 or this issue?

Sorry, I meant 238, yes.

Ok I'm going to close this issue.