padibro padibro - 3 months ago 12
reST (reStructuredText) Question

Chrome don't send back cookie

I have a web app. To work it usestwo server:


  • Application server (based on Delphi datasnap) SERV_A

  • WebServer apache SERV_W



These are the user steps:

STEP1 Login

The user call index page from SERV_W, write user and password and call a procedure by HTTP POST to SERV_A. SERV_A respond by a session_id passed by a Cookie (response header has
Set-Cookie: sessionid=123456
)

STEP2 Get url list

The user call another SERV_A procedure by HTTP GET to retrieve a list of url
For example an url is: http://host_serv_a:port/datasnap/rest/TServerMethods1/getPDF/003

STEP3 Click on a link

The user sees a list of link and click on one of those.
Automatically the browser do an HTTP GET to retrieve the resource to SERV_A.

Ok, this is my problem:
On STEP3 SERV_A want the sessionId, passed in a cookie but the browser never send the cookie. Why? My browser (Chrome) don't have limitation to manage cookie.
enter image description here

Answer

I have found a solution here https://divshot.com/blog/static-apps/cookies-and-cors/ (Web Standards Are Awesome)

To manage cookies correctly server and client have to agree:

  • Client: set withCredentials option to true in the ajax call
  • Server: set Access-Control-Allow-Credentials: true header in the response