read Set-Cookie header information and maintain user session using angular js

Question

I am new to angular js. Now I have an application that sends requests to the server. Login is working fine and the server responds with, among other data, the session information in the Set-Cookie field. The problem is I can neither read this information using angular js nor perform any other operations that require logging in. Among the solutions I have tried are; This but it gives the error below:

Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin http://localhost:52000 is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

When I try using the ngCookies module, that also returns null whenever I try to access session data which makes sense because I can not access that data in the first place. How can I solve this issue? Oh, perhaps its worth mentioning that the server is on a different domain and using C#. Any help will be highly appreciated.

Below is the login controller:

appAuth.controller('ctlLogin', function ($scope, $http, $cookies, $rootScope) {
    $scope.userCreds = {};
    var config = { withCredentials: true };
    $scope.login = function () {
        $http.post(urlLogin, $scope.user, config).then(function onSuccess(response) {
            console.log('success');
            var session = $cookies.get('Set-Cookie');
            console.log(session);

        }, function onFailure(response) {
            console.log('failure');
        });
    };

I this a part of the question may be missing... why does the question end with "and another sample server access: "? Should it include more text after that?? — SPArcheon, Jan 18 '18 at 15:32

score 1 · Accepted Answer · answered Jan 18 '18 at 15:21

1

First you should read about CORS. Or as mentioned in your Error, you can also allow the origin of the request if you are the one doing the development from the back end, then the code from the post you have referenced will work. Look at this.

answered Jan 18 '18 at 15:21

guthik

404
1
7
15

score 0 · Answer 2 · answered Jan 18 '18 at 15:10

0

As you mention your server is on another domain,you have to enable CORS request in your server. The server you are making the request to has to implement CORS to grant JavaScript from your website access. Your JavaScript can't grant itself permission to access another website.

https://enable-cors.org

https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control

answered Jan 18 '18 at 15:10

Apoorva Jhanwer

86
5

You have to enable CORS on your server.For example if your server is ASP.NET application https://enable-cors.org/server_aspnet.html – Apoorva Jhanwer Jan 18 '18 at 15:21
Ok, let me take a look at this as well. Thanks. – gordon Jan 18 '18 at 15:24
Yes, I can access remotely. . – gordon Jan 18 '18 at 15:25
Actually allowing Cross Origin Request can degrade the security of your server endpoint.https://paulhammant.com/2016/01/02/cors-vulnerabilities/ – Apoorva Jhanwer Jan 18 '18 at 15:26

read Set-Cookie header information and maintain user session using angular js

2 Answers2