#1 odutra

Ajax call cross domain send cookies

Posted 19 February 2020 - 07:54 PM

Hi Guys,

I'm experiencing a really crazy issue implementing a cross-domain call that sends cookies from the browser. I have encrypted cookies generated by my back-end in PHP, which I get in the browser. It is working perfectly. However, I need to send these cookies back to authenticate the users. I'm doing that using a cross-domain ajax call. However, the browsers are not sending the cookies. Browsers send everything correctly, without the cookies.
I searched the internet for everything about it and have tried all possibilities, with no success. Could you help me?

PHP 7.0
Browser: Chrome and Firefox (same issue)

Code:

My ajax call:

$.ajax({
    type: 'GET',
    url: opt.keepAliveUrl,
    xhrFields: { withCredentials: true },
    contentType: "text/plain",
    crossDomain: true,
    data: Object.assign({}, opt.ajaxData, {cmd: 'session.iscurrent'}),
    success: function(data) {
        let abc = data;
        if (abc.userstatus) {
            console.debug("Session is alive");
            //localStorage.setItem("keepAliveTime", Date.now()); // update last keepAliveTime every time this dialog is dismissed
        } else {
            console.log("The RackCorp API Session is dead - please relogin!");
            window.location = opt.redirUrl;
            localStorage.setItem("keepAliveTime", Date.now() - opt.redirAfter); // set keepAliveTime back in the past so other ticker/dialogs will logout
        }
    }
});



My Back-end PHP:


header("Access-Control-Allow-Origin: {$origin}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-OurCustomHeader');
header('Access-Control-Max-Age: 86400');



Request Browser:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Type: text/plain
Host: api.dev.rackcorp.com
Origin: https://portal.dev.rackcorp.com
Referer: https://portal.dev.rackcorp.com/index.php?if=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36



My Response Browser:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-OurCustomHeader
Access-Control-Allow-Origin: https://portal.dev.rackcorp.com
Access-Control-Max-Age: 86400
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 20 Feb 2020 02:26:03 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: rackcorp/3.1
Transfer-Encoding: chunked
Vary: Accept-Encoding



Thanks

Replies To: Ajax call cross domain send cookies

#2 Ornstein

Re: Ajax call cross domain send cookies

Posted 20 February 2020 - 06:35 AM

At first glance, your headers and code should work.

How/where are you setting the cookies? Both in terms of code and URLs.

Are you mixing HTTP with HTTPS? (e.g. Setting a secure cookie using HTTPS but using HTTP in the AJAX)

Is it possible that something is overriding/deleting your cookies?

What URL do you initiate the AJAX request from (I'm assuming portal.dev.etc) and what URL does the AJAX request connect to (I'm assuming api.dev.etc)?
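
The checks the reply asks about (where the cookie was set, HTTP versus HTTPS, which hosts are involved) can be written down as the matching rules a browser applies before attaching a cookie to a credentialed cross-origin request. This is an added example, not code from either post: the function names, the cookie records and the `/keepalive` path are constructed, and SameSite is not modelled.

```javascript
// Added example: why a browser would or would not attach a stored cookie
// to a credentialed cross-origin XHR. Cookie records below are constructed.

// RFC 6265 5.1.3 domain-match; host-only cookies (no Domain attribute) need the exact host.
function domainMatches(host, cookie) {
  const d = cookie.domain.toLowerCase().replace(/^\./, '');
  host = host.toLowerCase();
  if (cookie.hostOnly) return host === d;
  return host === d || host.endsWith('.' + d);
}

// RFC 6265 5.1.4 path-match.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Returns the reasons the cookie is withheld; an empty list means it is sent.
function whyNotSent(cookie, requestUrl, pageUrl, withCredentials) {
  const req = new URL(requestUrl), page = new URL(pageUrl);
  const reasons = [];
  if (req.origin !== page.origin && !withCredentials)
    reasons.push('cross-origin request made without withCredentials');
  if (!domainMatches(req.hostname, cookie))
    reasons.push(`cookie domain ${cookie.domain} does not match ${req.hostname}`);
  if (!pathMatches(req.pathname, cookie.path))
    reasons.push(`cookie path ${cookie.path} does not match ${req.pathname}`);
  if (cookie.secure && req.protocol !== 'https:')
    reasons.push('Secure cookie, request is not https');
  return reasons;
}

// Constructed cookies: one set by the portal host with no Domain attribute,
// one set with Domain=dev.rackcorp.com and the Secure flag.
const hostOnly = { name: 'auth', domain: 'portal.dev.rackcorp.com', hostOnly: true, path: '/', secure: false };
const shared = { name: 'auth', domain: 'dev.rackcorp.com', hostOnly: false, path: '/', secure: true };
const page = 'https://portal.dev.rackcorp.com/index.php?if=0';
const api = 'https://api.dev.rackcorp.com/keepalive'; // hypothetical path

console.log(whyNotSent(hostOnly, api, page, true));
console.log(whyNotSent(shared, api, page, true));
console.log(whyNotSent(shared, api.replace('https:', 'http:'), page, true));
```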