I want to use a secure cookie which is stored by the browser when accessing the endpoint /access on my website. The cookie is saved during the login process and I made sure that my website runs on a subdomain of my backend (which creates the cookies for the clients).
My backend is running on www.welovecoding.com and my web application is hosted on webapp.welovecoding.com.
The cookie which I receive from my backend looks like this:
Set-Cookie:user_id=RLXXWNCGAyVBmnogfiE1ngFCpBRKA48YaFOGyrPypwvU3eZCA==; Path=/access; Expires=Tue, 29-Sep-2015 17:37:11 GMT; Domain=.welovecoding.com; HttpOnly; Secure
What I want to do now is a POST request on www.welovecoding.com/access with my cookie as authentication credentials. I am sending withCredentials when executing my AJAX request with jQuery:
$.ajax({
  crossDomain: true,
  type: 'POST',
  url: "http://www.welovecoding.com/access",
  xhrFields: {
    withCredentials: true
  }
}).done(function (data, textStatus, jqXHR) {
  console.log("Response", data);
});
But I still get an HTTP 403 error which says that the cookie is missing. Does anyone know why? Maybe because the cookie has HttpOnly and Secure set?
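
The matching rules a browser applies before attaching a cookie to a request (RFC 6265, section 5.4), run against the Set-Cookie header quoted above; this is an added example, not part of the original question. parseSetCookie and cookieIsSent are hypothetical helper names, and expiry, CORS and host-only cookies (no Domain attribute) are not modelled.

```javascript
// Added example: which Set-Cookie attributes stop a cookie from being attached.
// Helper names are hypothetical; the header value is the one quoted in the question.
const HEADER = 'user_id=RLXXWNCGAyVBmnogfiE1ngFCpBRKA48YaFOGyrPypwvU3eZCA==; Path=/access; ' +
  'Expires=Tue, 29-Sep-2015 17:37:11 GMT; Domain=.welovecoding.com; HttpOnly; Secure';

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('='); // first "=" separates name from value
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: null, path: '/', secure: false, httpOnly: false };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    // A leading dot in Domain is ignored by the browser.
    if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = val;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

function cookieIsSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  const reasons = [];
  // Domain-match: identical host, or a subdomain of the cookie's Domain.
  if (host !== cookie.domain && !host.endsWith('.' + cookie.domain)) reasons.push('domain');
  // Path-match: request path equals the cookie path or lies beneath it.
  const p = url.pathname, cp = cookie.path;
  const pathOk = p === cp || (p.startsWith(cp) && (cp.endsWith('/') || p[cp.length] === '/'));
  if (!pathOk) reasons.push('path');
  // Secure: the cookie is only attached when the request scheme is https.
  if (cookie.secure && url.protocol !== 'https:') reasons.push('secure');
  // HttpOnly hides the cookie from document.cookie; it does not block sending.
  return { sent: reasons.length === 0, reasons };
}

const cookie = parseSetCookie(HEADER);
for (const u of ['http://www.welovecoding.com/access', 'https://www.welovecoding.com/access'])
  console.log(u, cookieIsSent(cookie, u));
```
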