Problem
I ran into trouble with a REST application (RESTEasy). In my app, I'm setting a cookie. When I was developing and testing this, using Firefox, I had no problems. The cookie would get set and returned as expected. However, when I went to try it in Internet Explorer, the cookie would not get set. I confirmed the same behavior in Chrome.
I verified, using Fiddler, that the cookie was getting sent back no matter what browser was making the request. But, despite the browsers receiving the cookie, not only was the cookie not being sent back by IE and Chrome, I could find no trace of the cookie in the browser's cookie store.
What I've tried
This happened at work today, and I spent a good long time turning off any security settings in IE. I don't think it's that. Once I came home, I wrote a simplified version to rule out as many code complications as I could. I also tested it in Safari, and again on Chrome and IE. So, this has now been tested on both Windows and Mac. No luck.
I also tried fiddling with the cookie's settings. I originally had HttpOnly set, so I unset it. I originally had a session cookie, so I changed its expiration to 1 day. I tried fooling with the path and with the domain. No luck.
The app is more complicated, but in simplifying things I have ruled out cross-site issues, Ajax issues, and so forth. I have also tried with different domains: localhost, intranet, and fully qualified domains. I don't know what's up!
Here is a sample of the cookie header being returned. (This came from curl and my stripped down version of the app.) In this version, the cookie is set to expire after 1 day. But, like I said, I have tried it with a session cookie as well.
Set-Cookie: ExampleCookie=abcdefg0123456; Version=1; Comment="Just a sample cookie."; Domain=localhost; Max-Age=86400; Expires=Sun, 31-Aug-2014 03:33:44 GMT; Path=/
Sample code (tested)
Below is a stripped down version of the code that failed me. I have tested the code below, and I can't make any sense of why Chrome & Internet Explorer won't set the cookie, but Firefox & Safari will. Has anyone had an issue with these browsers and cookies, or with RESTEasy and cookies?
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
// Omitted: The base path, set elsewhere, is /CookieExample/rest
@Path("/")
public class CookieExampleService {
@GET
@Path("/")
@Produces("text/html")
public Response sayHello() {
return Response.ok().entity("<p>Hello, Cookies!</p>").build();
}
@GET
@Path("/cookiejar")
@Produces("text/html")
public Response serveCookie() {
NewCookie cookie = new NewCookie("ExampleCookie",
"abcdefg0123456",
"/",
"localhost",
"Just a sample cookie.",
NewCookie.DEFAULT_MAX_AGE,
false);
// http://localhost:8080/CookieExample/rest/cookiejar
return Response.ok().cookie(cookie).entity("<p>Have a cookie!</p>").build();
}
}
Any insight would be greatly appreciated. This has really got me stumped. Thanks!
