Angularjs: $ http response set-cookie doesn't work with CORS
I am using angular and java building a small website.
I am trying to write an auth system, but I am encountering some cookie problems.
My web application runs on localhost: 8081 while my Java servlet is on localhost: 8888. In my java code:
response.addHeader("Access-Control-Allow-Origin", "http://localhost:8081");
response.addHeader("Access-Control-Allow-Headers", "X-Requested-With");
response.addHeader("Access-Control-Allow-Credentials", "true");
In my angular code:
$httpProvider.defaults.withCredentials = true;
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
Actually I tried reading Set-Cookie in Ignored HTTP header using AngularJS
Angularjs $ http doesn't seem to understand "Set-Cookie" in response
$ http response Set-Cookie not available
but I still encounter strange problems.
My first login: You may find that the server responds with a JSESSIONID and a mobile cookie in the set-cookies header.
but I check the chrome developer tool and find that resources> cookie is empty.
after logging in, I send another request to the server to get the list: but strangely, chrome sends a JSEESIONID that is sent from server to client on first login, but cannot find it in chrome developer tool. while chrome does not send the "mobile" cookie that I create.
I set my cookie on the server with
CookieUtils.setCookie(response, "mobile",String.valueOf(customer.getPhone()), 3600*24*7, "/","localhost");
request.getSession().setAttribute("user", customer);
request.getSession().setMaxInactiveInterval(3600*24);
what can i do if i want to get the cookie in the $ http response and set it, and when request another thing with that cookie like my "mobile" cookie, because i want to do authentication that way.
while the same code works with firefox it is ok but doesn't work in chrome 43.0.2357.65 m, wtf ..
source to share