4

I am using ASP.Net Core 2 WepAPI controller.
Current version of Chrome(currently 64).
Angular 5 SPA.
Need to work on localhost.

This is controller method:

public class TestController : ControllerBase
{
    [HttpGet, Route("api/[controller]/test")]
    public async Task<IActionResult> Get()
    {
        Response.Cookies.Append("testcookie", "testvalue", new CookieOptions
        {
            Path = "/",
            Domain = "localhost",
            Expires = DateTime.UtcNow.AddHours(6),
            HttpOnly = false,
            Secure = false
        });

        return Ok("Test Ok.");
    }
}

And I don't think it matters, but this is my client code.

  private async test2() {
    const res = await this.http.get('http://localhost:59879/api/test/test').toPromise();
  }

When I look in Chrome Console -> Network Tab -> the request line -> Cookies Tab; I see my response cookie(s) but no request cookie. I also do not see request cookie in HttpContext.Request.Cookies on subsequent requests.

How do I create any kind of cookie,

  • that is created server side, and returned from controller method,
  • and client/browser sends to server?

Assume server is on localhost:59879.

I have tried many iterations of setting the Domain to localhost, 127.0.0.1, false and excluding it. Tried not specifying CookieOptions at all, no Expires, and various combinations of HttpOnly and Secure settings to no avail.

These are some resources I have tried.

Update - I see a recent SO that may have the same cause of what I am experiencing.

ttugates
  • 5,818
  • 3
  • 44
  • 54
  • So... [this answer](//stackoverflow.com/a/7369084) on the question [Chrome localhost cookie not being set](//stackoverflow.com/q/7346919) says that it won't work with localhost, and that you need a second-level domain name. Did you follow the instructions in that answer? – Heretic Monkey Mar 18 '18 at 20:11
  • [@Mike McCaughan](https://stackoverflow.com/users/215552/mike-mccaughan), Yes, I specifically tried `http://127.0.0.1` for value of `Domain`.. In addition to trying `domain = Request.Host.ToString()` and publishing to Azure with no luck. – ttugates Mar 18 '18 at 20:15
  • What about "edit your hosts file to map a different URL with a TLD to the address 127.0.0.1 such as: yoursite.tld 127.0.0.1" – Heretic Monkey Mar 18 '18 at 20:16
  • Added `127.0.0.1 yoursite.com` to hosts file.. Veridied by pinging 'yoursite.com'. Still only seeing Response Cookies set, but not Request Cookies. – ttugates Mar 18 '18 at 20:26
  • [@Mike McCaughan](https://stackoverflow.com/users/215552/mike-mccaughan) - Did you just comment to make sure I tried the solutions that I stated I tried in my question, or do you have knowledge of setting a cookie server side with specified technologies and getting a result? – ttugates Mar 18 '18 at 23:53
  • The workaround stated, using a full domain name, has worked in my experience. If that's not working for you, I suggest firing up IIS proper and try mapping the domain name there as well. You'll need to debug by attaching to the appropriate process. – Heretic Monkey Mar 19 '18 at 12:32
  • Since there are other cookies being set and returned in the request by the client(related to Auth), and that that the implementation does not work even when published to Azure. I feel safe to discard any solution related to installing IIS or editing the hosts file. The existence of a solution with-out is proven. I have to assume the issue is related to how I create the cookie, with a very, very slight chance cause is client side. For such a simple task, there has to be an existing SO, but I could not find one. – ttugates Mar 19 '18 at 13:11

1 Answers1

3

This code:

public class TestController : ControllerBase
{
    [HttpGet, Route("api/[controller]/test")]
    public async Task<IActionResult> Get()
    {
        Response.Cookies.Append("testcookie", "testvalue", new CookieOptions
        {
            Path = "/",
            Domain = "localhost",
            Expires = DateTime.UtcNow.AddHours(6),
            HttpOnly = false,
            Secure = false
        });

        return Ok("Test Ok.");
    }
}

it will work if you accessing by browser. You trying access via ajax api, it won't work like that. If you analyze the code here:

Response.Cookies.Append("testcookie", "testvalue", new CookieOptions
{
    Path = "/",
    Domain = "localhost",
    Expires = DateTime.UtcNow.AddHours(6),
    HttpOnly = false,
    Secure = false
});

this response is not access by browser, it access return ajax success.

See here can-an-ajax-response-set-a-cookie thread. Or solution in mapping-header-cookie-string-to-cookiecollection-and-vice-versa.

That's not better approach access API and set-cookies via server, better it just do it on client side as discussion this thread.

hendrathings
  • 3,720
  • 16
  • 30