HTTP requests not honoring cookies


#1

Hi, I am writing an app that does a login to a backend 3rd party service and then calling APIs on it. It is a requirement by that server that to be able to use the APIs you need to login first - it sets a cookie.

So in my ionic app, I have a timer that runs at the start of the app and does a successful login via POST to that server.com/login.php.

However, when I subsequently do http.get(server.com/api/test1.json) it throws a 4xx which probably means it is not recognizing the cookie.

So the question is how do I make sure the cookie set by my POST login is used by all http.gets?

I know ngCookies exists but that seems to be a way to read/write cookies - I only want the login POST operation cookie to be re-used with my requests.

thanks


#2

Which exact 4xx error code? 400 means bad request, very different than 401 or 403.
What do you see in the console, have you looked at the headers sent?
What is written in your server logs?

Normally you don’t have anything special to do so I’m not sure you found the root cause, there’s not enough data in your question.


#3

Let me rephrase. The 4xx is not important for now. (Its 401 == unauthorized)

When I load up a regular browser and go to server.com/login.php and enter my credentials in the form provided, I get a 200 OK which returns the following cookies

Cookie:zmSkin=classic; zmCSS=flat; ZMSESSID=0nsddrgivtv0dje4mpd4v9s240

Now in my ionic app, when I log into the portal using $http.post and I use web-inspector, I also see the same cookies being returned in 200 OK

Set-Cookie:ZMSESSID=pfa1rf3f0sm9gc6u1u4gapg8m5; path=/
Set-Cookie:zmSkin=classic; expires=Sat, 07-Jun-2025 20:07:44 GMT; Max-Age=311040000

However, I can’t seem to access those cookies in my code. For example, in the .success handler of that post, I am doing this:

 .success(function(data,status,headers)
        {
            console.log ("**** ZM Login OK");
            ZMDataModel.zmLog("zmAutologin successfully logged into Zoneminder");
            //$cookies.myFavorite = 'oatmeal';
            $timeout( function() {console.log ("***** ALL COOKIES:" + JSON.stringify(  $browser.cookies()));},1000);
            console.log ("***** ALL HEADERS:" + headers('cookie'));
            
        })

This does not print any cookies. I also tried using ngCookies $cookies.get()

For my program to work, all subsequent HTTP GET requests to APIs need to add the cookie returned by HTTP POST. While I can see the cookie being returned, I don’t see it in my code.

All my subsequent API calls don’t include this cookie returned either. How do I make sure the cookie returned by HTTP POST is attached to the subsequent HTTP GETs?

So how do I fix this?


#4

The http requests in angular are pretty low level, check out this stack overflow and let us know if it helps. I don’t think it’s ionic or cordova specific but angular.


#5

Thanks @NorthMcCormick – that was one of the threads I tried but in my case adding withCredentials just by itself was causing all my requests to fail. Don’t really know what was going on.

But the good news is I went low level too, ditched all these libraries and patched the HTTP interceptor to extract and insert cookies manually and its working great. Does not work with ionic serve, however. Needs to be on device.

I don’t get the point of ngCookie if all it does it create cookies in its own space and it can’t access browser cookies.

The gist of my code:

.factory('zmHttpIntercept', function ($q,zm, $cookieStore) {
    var zmCookie = "";
    
    return {
        'request': function (config) {
            if (zmCookie)
            {
               config.headers.Cookie = "ZMSESSID="+zmCookie; 
            }
            return config;
        },
        
        'response': function (response)
        {
         
            var cookies = response.headers("Set-Cookie");
            if (cookies !=null)
            {
                
                var zmSess=cookies.match("ZMSESSID=(.*?);");
                console.log ("***RESPONSE HEADER COOKIE " + zmSess[1]);
               // console.log ("WHOLE STRING " + cookies);
                zmCookie=zmSess[1];
            }
            return response;
        }