3

I am trying to create a login page in angular and to save the cookie that is being created by our spring boot application

This is how we create the cookie in BE

val cookie = createCookie(jwtProperties.cookieName, token, expirySeconds,
                false, true, jwtProperties.cookieDomain, "/",
                "sample comment")
response.addCookie(cookie)
response.status = HttpServletResponse.SC_OK
response.contentType = MediaType.APPLICATION_JSON_VALUE
response.writer.write(objectMapper.writeValueAsString(JwtGetDto(token)))

This is the angular request

const headers = new HttpHeaders({
            'Content-Type': 'application/json'
        });
const url = `${environment.api_url}/api/v1/auth/login`
return this._http.post(url, JSON.stringify({ username: username, password: password }), { observe: 'response', headers: headers});

This is the response in browser

Browser Response

This is the response in Postman

Postman Response

i have tried to add withCredentials:true in angular request and still it didn't work

Pavllo
  • 106
  • 6
  • Can it be CORS related? https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests – Aviad Jun 02 '19 at 15:16
  • When i first set withCredentials:true it did give me some cors error but i fixed that i added the Access-Control-Allow-Credentials and Access-Control-Allow-Origin and the request went fine but the set-cookie header was still missing – Pavllo Jun 02 '19 at 15:42
  • Can you check if it's present via `curl` or equivalent? – Aviad Jun 02 '19 at 15:57
  • The Set-Cookie header is present in curl so i suppose the problem should be with the way i am making the angular request – Pavllo Jun 03 '19 at 08:49
  • Found the solution ? – Karthikeyan Sep 12 '19 at 13:43
  • I encountered a similar problem where chrome didn't save the cookie in the Application/Cookies Window. Many proposed solutions didn't work in my case. What ended up working for me was to explicitly set the path of the cookie to root "/" in my Spring Boot Server Application. I thought that without setting the path the cookie would shop up only for the path of the request. Instead chrome simply didn't set the cookie at all, without any warning/error. Subsequent requests to other routes also don't require the access-control related headers that @Pavllo and others suggests. At least for now. – Zapnuk Jan 25 '21 at 08:53

0 Answers0