Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I'm making a call to the WebApi service, which sets the cookie in the response object. The call is made from angularjs via $resource So this is the server code:

CookieHeaderValue cookie = new CookieHeaderValue("Token", "blah") { HttpOnly = true, Expires = DateTime.Now.AddYears(10), Path="/"  };
response.Headers.AddCookies(new CookieHeaderValue[] { cookie });

This works, I can see the Set-Cookie header in a response, however the cookie is not being set.

A friend of mine had to set xhrFields' withCredentials to true when he was using jQuery, so I wonder if there's something that needs to be configured in angular as well ?

share|improve this question
Is the api on the same domain as the page making the request? – Jason Mar 5 at 0:53
No, different domains. – Eugene Mar 5 at 17:40

1 Answer

up vote 0 down vote

There could be a number of things going on.

First, since you are on separate domains, you may need to implement CORs (cross origin resource sharing), but it seems that the request is being made successfully. I'm not sure why that works, I would think that browsers would prevent it. In any case here's a jsfiddle that illustrates using CORs with angularjs to make both $http & $resource requests. The trick seems to be to configure the $http service:

 $http.defaults.useXDomain = true;

Another thought is that cookies from one domain, can't be accessed by another domain. Here is another question on cookies with angularjs, but the request and server seem to be on the same domain. Here is a discussion on cookie domains, and how they are applied.

If it's possible I would try to get the cookie request/response working on the same domain, and then move the client to another domain.

share|improve this answer
According to this groups.google.com/forum/?fromgroups=#!topic/angular/kl2BVOubG4I - there's no such option as useXDomain. Tried it anyway, didn't make a difference. Also, I should've made myself more clear - although the client sits on a different domain, it is a server setting and reading the cookie, so CORS should be irrelevant in this case, I think. It is an ajax call, but from a browser point of view this makes no difference, afaik. – Eugene Mar 6 at 21:55

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.