Ionic2 Set-Cookie ignored in simulator withCredentials


#1

This issue is similar to a question about setting cookies as well as various other questions on the Internet, but none of them actually have solutions.

Cordova CLI: 6.5.0
Ionic Framework Version: 2.3.0
Ionic CLI Version: 2.2.3
Ionic App Lib Version: 2.2.1
Ionic App Scripts Version: 1.1.4
ios-deploy version: 1.9.1
ios-sim version: 5.0.13
OS: macOS Sierra
Node Version: v7.9.0
Xcode version: Xcode 8.2.1 Build version 8C1002

I am logging into an API that I have no control over. This responds with session cookies using the set-cookie header. Preflight options respond appropriately and this works when using ionic serve.

However, when running the app in an emulator, it seems like the http service makes no attempt to use cookies from the response. I have tried various things, including:

login(credentials: any) {
  this.http.post("http://api.com/login", credentials, {withCredentials: true});
}

getProfile() {
  this.http.get("http://api.com/profile", {withCredentials: true});
}

The login request responds with Set-Cookie headers and these do seem to work properly in the browser, but they are not sent for http requests when running the app on a simulator or device even when I try to use withCredentials.


#2

Probably a silly question, but do you have the cordova whitelist plugin installed?


#3

Yes, it is installed @ 1.3.1; I’m not using it in any particular way that I know of.


#4

This was actually just my mistake / typo. Things seem to be working okay.
This post can be deleted.


#5

So how did you solve this problem in the end? Can you share the code for future googlers?


#6

I didn’t have to do anything; it was more or less working fine. The typo was in one of the headers I was trying to send to the server (unrelated to cookies).

Seems like just doing this.http.get(url, {withCredentials: true}) will appropriately set cookies for cross domains as expected. I’m actually not sure whether withCredentials is needed, but since we’re developing in the browser as well there’s no harm in having it.


#7

Please be specific: what was the typo? I have exactly the same problem: it works in my browser, but I don’t see a typo?