18

I am trying to make a POST request to the server (which is a REST service) via JavaScript, and in my request I want to send a cookie. My code below is not working, as I am not able to receive the cookie at the server side. Below are my client-side and server-side code.

Client side :

```javascript
var client = new XMLHttpRequest();
var request_data = JSON.stringify(data);
var endPoint = "http://localhost:8080/pcap";
var cookie = "session=abc";
client.open("POST", endPoint, false); // This Post will become put
client.setRequestHeader("Accept", "application/json");
client.setRequestHeader("Content-Type", "application/json");

client.setRequestHeader("Set-Cookie", "session=abc");
client.setRequestHeader("Cookie", cookie);
client.send(request_data);
```

Server Side:

```java
public @ResponseBody ResponseEntity getPcap(HttpServletRequest request, @RequestBody PcapParameters pcap_params) {

    Cookie cookies[] = request.getCookies(); // It's coming as NULL
    String cook = request.getHeader("Cookie"); // It's coming as NULL
}
```
arpit joshi
  • 1
    `setRequestHeader("Set-Cookie","session=abc");` — Set-Cookie is a **response** header, not a request header. – Quentin Mar 01 '16 at 20:59
  • see also this thread http://stackoverflow.com/questions/2870371/why-is-jquerys-ajax-method-not-sending-my-session-cookie – ralf htp Mar 01 '16 at 21:02

2 Answers

13

See the documentation:

Terminate these steps if header is a case-insensitive match for one of the following headers … Cookie

You cannot explicitly set a Cookie header using XHR.


It looks like you are making a cross origin request (you are using an absolute URI).

You can set withCredentials to include cookies.

True when user credentials are to be included in a cross-origin request. False when they are to be excluded in a cross-origin request and when cookies are to be ignored in its response. Initially false.

Such:

```javascript
client.withCredentials = true;
```

This will only work if http://localhost:8080 has set a cookie using one of the supported methods (such as in an HTTP Set-Cookie response header).


Failing that, you will have to encode the data you wanted to put in the cookie somewhere else.

adu
Quentin
  • Should my code be `client.setRequestHeader("Set-Cookie","session=abc"); client.withCredentials = true;` and also add cross origin (I already have cross origin on my server side)? Server: `@CrossOrigin(origins="*") @RequestMapping(value = URIConstansts.PCAP, produces = { "application/json" }, method = RequestMethod.POST) public @ResponseBody ResponseEntity getPcap(HttpServletRequest request,@RequestBody PcapParameters pcap_params )` – arpit joshi Mar 01 '16 at 21:14
  • `client.setRequestHeader("Set-Cookie","session=abc");` — No, that's a response header. – Quentin Mar 01 '16 at 21:16
  • `client.withCredentials = true; ` — Yes, if your server is going to set the cookie through an acceptable mechanism (such as the Set-Cookie HTTP response header). – Quentin Mar 01 '16 at 21:16
  • I am sending cookies to the server. My server is not going to set any cookies. It is going to just receive it. So no cookies will be set on the server side; it will just receive it from the JavaScript. And the client (JavaScript) is sending a POST request to the server. And the server is not sending anything back to the client, just an HTTP status of 200. – arpit joshi Mar 01 '16 at 21:26
  • 2
    Then you can't use cookies for this. As I said, you can't set cookies client side on a cross-origin XHR request. – Quentin Mar 01 '16 at 21:27
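
Added example, not part of the original answer or the asker's Spring code: a minimal Node.js stand-in for the `/pcap` endpoint showing what the server has to do for `withCredentials` to deliver a cookie. It issues the cookie with `Set-Cookie` and answers CORS with the caller's exact origin plus `Access-Control-Allow-Credentials: true`, because browsers refuse credentialed responses whose `Access-Control-Allow-Origin` is `*`. The page origin `http://localhost:3000` and all function names are assumptions.

```javascript
// Added example: Node.js stand-in for the question's /pcap endpoint.
// Assumption: the page running the XHR is served from this origin.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);

// Parse a Cookie request header ("a=1; b=2") into a prototype-free map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const pair of (header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq > 0) jar[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return jar;
}

// CORS headers for a credentialed request. The origin is echoed, never "*":
// browsers reject a withCredentials response that carries a wildcard.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "Content-Type", // JSON body => preflight
    "Vary": "Origin",
  };
}

// Request handler, usable as http.createServer(handle).
function handle(req, res) {
  const headers = corsHeaders(req.headers.origin);
  if (req.method === "OPTIONS") { // CORS preflight
    res.writeHead(204, headers);
    return res.end();
  }
  const cookies = parseCookies(req.headers.cookie);
  if (!cookies.session) {
    // The server issues the cookie; the browser stores it and attaches it
    // to later requests made with client.withCredentials = true.
    headers["Set-Cookie"] = "session=abc; HttpOnly; Path=/";
  }
  headers["Content-Type"] = "application/json";
  res.writeHead(200, headers);
  res.end(JSON.stringify({ sessionSeen: cookies.session || null }));
}

// `node example.js --serve` listens on the port used in the question.
if (process.argv.includes("--serve")) {
  import("node:http").then((http) => http.createServer(handle).listen(8080));
}
```

On the browser side the only change is `client.withCredentials = true;` with both `setRequestHeader` cookie lines removed.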
7

This can also be done with the more modern fetch:

```javascript
fetch(url, {
    method: 'POST',
    credentials: 'include'
    //other options
}).then(response => console.log("Response status: ", response.status));
```
PDStat
  • 2
    No. `fetch` **and** `XHR` both let you tell the browser to send any cookies it has stored for the URL in the request, but this question is about **manually** adding a cookie with JavaScript. – Quentin Jan 21 '20 at 11:58