浏览器不会存储Cookie [英] Browser won't store cookie

问题描述

我正在localhost:3000上运行有角度的4客户端，该客户端正在与WEB API localhost:5000通信.我的问题是，当服务器指示这样做时，我无法弄清为什么浏览器拒绝存储cookie.

I'm running an angular 4 client on localhost:3000, which is communicating with a WEB API localhost:5000. My problem is, that I can't figure out why the browser refuses to store a cookie, when the server instructs it to do so.

客户请求标头

Request URL:https://local.dev:5000/user/list?page=1&column=Email&listOrder=2
Request Method:POST
Status Code:200 OK
Remote Address:127.0.0.1:5000
Referrer Policy:no-referrer-when-downgrade
Accept:application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:en-NZ,en-GB;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:0
Content-Type:application/json
DNT:1
Host:local.dev:5000
Origin:https://localhost:3000
Pragma:no-cache
Referer:https://localhost:3000/user

服务器响应标题:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://localhost:3000
Cache-Control:no-cache
Content-Type:application/json; charset=utf-8
credentials:include
Date:Tue, 09 May 2017 08:22:25 GMT
Expires:-1
Pragma:no-cache
Server:Kestrel
Set-Cookie: <cookiename>=<somedata>; expires=Tue, 09 May 2017 09:22:23 GMT; domain=local.dev; path=/; secure; httponly
Transfer-Encoding:chunked
Vary:Origin
withCredentials:true

如您所见，CORS也已启用.HTTPS用于传输.也尝试了不设置有效期的尝试.Cookie的域设置为 local.dev .我还尝试了/和 localhost .

As you can see CORS is also enabled. HTTPS is used for transmission. Also tried without setting an expiration date. The cookie's domain is set to local.dev. I also tried with / and localhost.

然后，Chrome的调试视图不显示cookie.只是一些默认的角度cookie.因此，我假设由于某种原因而忽略了set-cookie标头.

Afterwards Chrome's debug view does not display the cookie. Just some default angular cookie. Therefore I assume the set-cookie header is ignored for some reason.

帮助！

推荐答案

对于跨域AJAX请求，您需要明确指定Cookie应该与请求一起发送，并在响应中接受.

For cross-domain AJAX requests, you need to explicitly specify that cookies should be send with the request, and accepted in the response.

这是使用XMLHttpRequest对象的 withCredentials 标志完成的.

This is done using the withCredentials flag of the XMLHttpRequest object.

在Angular中，您可以将其设置为 $ http 服务的选项，另请参见AngularJS withCredentials

In Angular, you can set it as an option of the $http service, see also AngularJS withCredentials

这篇关于浏览器不会存储Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！