Error: Refused to set unsafe header "Cookie | Cookie Authentication


#1

Hello Team,

I am trying to authenticate users by PLAIN SSLs when user log in it generates a session token in response.
Using that session token in Cookie I am supposed to access .json files from http get request.

$http({
                    method: 'POST',
                    url: url + username + '&password=' +password ,
                    headers: {
                        'Access-Control-Allow-Origin': '*'
                    }
                }).then(function (response) {

                    var token = response.data.sessiontk;
                    console.log(token);
                    $http({
                        method: 'GET',
                        url: url + 'languages.json',
                        withCredentials: true,
                        headers: {
                            'Cookie': 'sessionTk=' + token
                        }
                    }).then(function (res) {
                        console.log(res.data);
                    }, function (error) {
                        console.log(error);
                    });
                }, function (error) {
                    console.log(error);
                });

Problem is while doing so in google chrome it produces Error: Refused to set unsafe header “Cookie” and does not passes cookie hence json file is not accessible…
But in android and ios emulators it generates same error r: Refused to set unsafe header “Cookie” but works and I am able to access the json file…
Any one can tell me why is it happening and is it safe to proceed or will there be any problems once the APP is in PRODUCTION

Any suggestions are appreciated