How to set Cookies in POST Header in AngularJS

Question

I am using a Web Service (Drupal 7 Services) for user login / logout through an Mobile App(not browser) using Ionic Framework. It requires that I set the the Header of POST method to the same cookie that was set on user login.

1) How to get the cookie header using AngularJS (version 1.3.5)

The cookie in Response Header on login is

...
Set-Cookie: SESSd6f3e35b53c92bc6e830d79db4d6eb6c=AEFJYKD8s6vAsizxgYaNOJPy0dPMQ1rJX8RYO-cjfXs; 
...

2) How to put this in $http headers using AngularJS

Next, how to set the Cookie for POST.

$http({
    method    : 'POST',
    url       : '192.168.1.10/app/user/logout',
    dataType  : 'json',
    headers: {
      'X-CSRF-Token': token,
      'Content-Type': 'application/x-www-form-urlencoded',
      'Accept': 'application/json',
      'Cookie': 'SESSd6f3e35b53c92bc6e830d79db4d6eb6c=AEFJYKD8s6vAsizxgYaNOJPy0dPMQ1rJX8RYO-cjfXs, 
      // HOW to set this cookie using angular to the value that was read on login
    },
  })

The `ngCookies` module provides a wrapper for reading and writing browser cookies. You can get this cookie by its name and put it in header when you configure the `$http` headers. Or use http interceptor to do it for all http requests in a single place. — Master Po, May 27 '17 at 15:52
Can you please show how to use ngCookies to read and write cookies, particularly how to set a cookie for the Header in http — Pankaj Bhagat, May 27 '17 at 17:22
Its defined in a separate module. We should add it as dependency to our module `ngCookies`. see documentation [here](https://docs.angularjs.org/api/ngCookies/service/$cookies). — Master Po, May 27 '17 at 17:35
tokens are preferable over cookies when you're using angular on the web view. Look up angular's transform request and use it to set the cookie on success of login. — Amin Mohamed Ajani, May 27 '17 at 18:19
@Pete I have added 'ngCookies' to my app. And $cookies to my controller and function. What I am looking for is the sample code to read the cookie on login. And to put the Cookie in the $http POST headers. Can you help with a sample Code — Pankaj Bhagat, May 28 '17 at 03:47

Master Po · Answer 1 · 2017-06-08T08:14:46.487

0

I see you are using an older version of AngularJS (1.3.5). In 1.3.5 you can use either $cookies or $cookieStore service. Please note $cookieStore is deprecated since v1.4.0.

Using $cookies in version 1.3.5

$cookies.cookiename = cookieValue; //sets the cookie
var cookieValue = $cookies.cookiename; //reads the cookie

Using $cookieStore in version 1.3.5

$cookieStore.put(cookieName, cookieValue); //sets the cookie
var cookieValue = $cookieStore.get(cookieName);//reads the cookie

You can see the $cookies does not support methods in version 1.3.5. Later versions support them and has more methods as $cookieStore is deprecated.

Now lets take the cookie name be phpsessId that is set by server after your login request. And in your controller you can get its value as follows

var sessionId = $cookieStore.get('phpsessId')

Now the http request can be configured with this cookie as follows

$http({
    method    : 'POST',
    url       : '192.168.1.10/app/user/logout',
    dataType  : 'json',
    headers: {
      'X-CSRF-Token': token,
      'Content-Type': 'application/x-www-form-urlencoded',
      'Accept': 'application/json',
      'Cookie': sessionId
    }
  }).success(function(){...}).error(function(){...});

Or you can set common headers for all requests as mentioned in $http 1.3.5 docs.

Also take care of forbidden header names. Cookie is one of them

Hope this helps.

edited Jun 08 '17 at 08:14

answered May 28 '17 at 08:39

Master Po

1,497
1
23
42

I made progress using above suggestion, however it now says 'Refused to set unsafe header "Cookie" '. I tested using Postman - chrome extension, and that required me to use Postman Interceptor to logout successfully. Seems, that there is a need for a similar thing in angularJS – Pankaj Bhagat May 28 '17 at 09:57
"Refused to set unsafe header "Cookie" is warning from Postman. right? What if we try the request with angular? – Master Po May 28 '17 at 10:00
No. "Refused to set unsafe header "Cookie" ' is from Chrome. But when I used Postman and Postman interceptor it works. – Pankaj Bhagat May 28 '17 at 10:08
FireFox throws: " Attempt to set a forbidden header was denied: Cookie ionic.bundle.js:24947:12 " any suggestions Pete? – Pankaj Bhagat May 28 '17 at 10:48
Done some research and got some inputs from https://stackoverflow.com/a/42257186/6565719. We don't need to specify the cookie header. If we set a cookie with $cookies browser will add the cookie automatically in http request – Master Po May 28 '17 at 11:18
used $cookies.put($rootScope.loginSessionName, $rootScope.loginSessionID); YET, I see that the Request Headers does not have the cookie. – Pankaj Bhagat Jun 06 '17 at 10:36
It seems Android does not support cookies: See this: https://stackoverflow.com/questions/31139365/can-you-use-cookies-in-a-cordova-application – Pankaj Bhagat Jun 07 '17 at 15:25
but if cookies are not supported on android then how would Android app make a http request that needs cookies in its headers? – Pankaj Bhagat Jun 07 '17 at 16:29

How to set Cookies in POST Header in AngularJS

1 Answers1