https://stackoverflow.com/questions/14197702
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThe issue was caused because of zepto library being used, which had the particular problem of not passing the cookie (some known issue of the library). When jQuery was used instead, all worked as expected.
HttpOnly cookie, ajax request and server-side security in a js client application
-
13-01-2022 - |
Question
I have a js client applcation that uses an http-only cookie to store the currently authenticated user's credentials. The application uses the data in the cookie to perform the per-request authentication.
However, the application does make ajax requests that unfortunately do not include the cookie. When the server comes to process these requests, it believes it has no cookie, therefore there is no authenticated user and performs redirect to the login page. Still, the cookie is there and all standard http requests work as expected.
Is there any easy workaround for this issue? What is the recommended practice in such scenarios?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
