JQuery redirect and HttpOnly cookies

We are using JQuery AJAX for login. The logon service issues an HTTP 302 specifying the GET location for the user logging in, or (in case of login failure), a REST endpoint that always returns an unauthorized HTTP status. At the same time as the 302, we are issuing a set of cookies for the JSESSIONID. The cookies are HttpOnly.

When using a direct HTTP form post, the redirect works fine and everything is set. When using JQuery AJAX, the redirect to `GET /user/{userId}` doesn't work as the cookie is not sent with the second call. This invalid second call should cause another redirect to the endpoint with a terminating error, but it actually doesn't. By checking this, I see that the second call is "Canceled". What does this mean and how do I fix the problem in the first place?

+3




1 answer


You may be running into the same-origin policy. Is the domain you are logging in to the same one that the page / script file was sent from?

If not, you will need to use CORS (Cross-Origin Resource Sharing) to force the cookie to stick.

You can learn more about this here:



http://www.html5rocks.com/en/tutorials/cors/

https://developer.mozilla.org/en-US/docs/HTTP_access_control

+1
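The check the answer asks for, as an added example that is not part of the original question or answer: it tests whether two URLs share an origin and, when they do not, lists why a browser would refuse to expose a response to a request sent with cookies. The function names and the `example.test` hostnames used with it are constructed for illustration.

```javascript
// Added example. Function names are hypothetical, not from the original page.

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Returns the reasons a browser would refuse to expose a cross-origin
// response to a script whose request carried credentials (cookies).
// An empty list means the response passes these checks.
function credentialedCorsProblems(pageUrl, targetUrl, responseHeaders) {
  if (sameOrigin(pageUrl, targetUrl)) return []; // CORS is not involved

  // Header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  const problems = [];
  const pageOrigin = new URL(pageUrl).origin;
  const allowOrigin = h['access-control-allow-origin'];

  if (allowOrigin === undefined) {
    problems.push('missing Access-Control-Allow-Origin');
  } else if (allowOrigin === '*') {
    // The wildcard is rejected for credentialed requests.
    problems.push('wildcard origin is not allowed with credentials');
  } else if (allowOrigin !== pageOrigin) {
    problems.push('Access-Control-Allow-Origin does not match page origin');
  }

  // The value must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials must be "true"');
  }
  return problems;
}

// On the client, jQuery sends cookies cross-origin only when asked to:
//   $.ajax({ url: loginUrl, type: 'POST', data: formData,
//            xhrFields: { withCredentials: true } });
```

HttpOnly is unrelated to this: it hides the cookie from `document.cookie` but does not stop the browser from attaching it to requests.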

