1

I am trying to read a JSESSIONID cookie (Set-Cookie) from the HTTP response that I get from the server.

The network tab shows me the response header: [screenshot]

When I try to get the response I don't see it.

return this.http
  .get(environment.domain + '/rest/getSessionConfirmationNumber',
    { observe: 'response' })
  .retryWhen(this.config.handleRetry)
  .catch(this.config.handleError)
  .map(response => {
    console.log('getSession success');
    // cookieService reads document.cookie, not the response's Set-Cookie header
    console.log('The cookie jSession ', this.cookieService.get('JSESSIONID'));
    return response;
  });

I also used the ngx-cookie-service package (this only gives me the cookies present in the Application tab in the browser).

I also tried withCredential=true in the get request. It throws some sort of CORS error (the plugin is on).

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute

EDIT1: Tried updating the XML as per "CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true":

<init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>http://localhost:4200</param-value>
</init-param>

Still doesn't work.

JavaQuest
  • I couldn't find the solution on the Angular frontend side. On the server side I had to create a JWToken REST endpoint, which I called in the frontend and passed the generated token as a header in all the REST calls. While at the server pipeline level, I am validating the token before calling the REST endpoints. – JavaQuest Jun 09 '18 at 01:40

1 Answer

0

You have a typo in your code: you have this.cookieService.get('JSESSOINID'), which should be this.cookieService.get('JSESSIONID').

  • Thanks, I corrected it but that is still not the reason – JavaQuest Jun 05 '18 at 13:35
  • Ok, I think I know what your problem is: CORS. The cookie the server creates is in the domain of the server. Basically, open a browser tab with the domain of the server you are using, ignore it if it shows an error, and check the cookies in the browser debug tools; you will see JSESSIONID there. The domain where your code is cannot read the cookies of another domain. If you have control over the server, use token-based authentication like JWS, don't use cookies; another way is to use cross-subdomain cookies if your app and the server share a similar domain – Gabriel Guerrero Jun 05 '18 at 16:20
  • 1
    Thanks Gabriel, the final solution I decided to implement is to get the JSESSIONID created from the backend as a REST endpoint response and then use it for all the remaining calls. Wish I could just grab that cookie which is clearly visible in the network header response. – JavaQuest Jun 05 '18 at 19:12
  • Hey, did you get any solution for it @JavaQuest – HD.. Nov 19 '18 at 13:27
  • @HD.. the comment above yours was the solution that I used: retrieve from the backend server. I feel like for security reasons that is the best practice – JavaQuest Nov 20 '18 at 13:35
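
Added example (not from the thread or any poster's code): a simplified JavaScript model of the two browser rules at play in this question, the CORS check that rejects a wildcard `Access-Control-Allow-Origin` on a credentialed request, and the header filtering that keeps `Set-Cookie` away from page script even when the request succeeds. The sample responses are constructed, and `X-Session-Token` is a hypothetical header standing in for a token the backend returns explicitly.

```javascript
// Simplified model of the browser's CORS check for a cross-origin response.
// Header names are lower-cased object keys.
function corsCheck(origin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  if (!withCredentials && allowOrigin === '*') return { allowed: true, reason: 'ok' };
  if (withCredentials && allowOrigin === '*') return { allowed: false, reason: 'wildcard origin with credentials' };
  if (allowOrigin !== origin) return { allowed: false, reason: 'origin mismatch' };
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { allowed: true, reason: 'ok' };
}

// CORS-safelisted response headers are readable without being exposed.
const SAFELISTED = ['cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma'];
const FORBIDDEN = ['set-cookie', 'set-cookie2']; // never exposed to scripts

// Names of the response headers that page script can read after the check.
function scriptVisibleHeaders(origin, withCredentials, headers) {
  if (!corsCheck(origin, withCredentials, headers).allowed) return [];
  const exposed = (headers['access-control-expose-headers'] || '')
    .split(',').map(name => name.trim().toLowerCase()).filter(Boolean);
  return Object.keys(headers).filter(name =>
    !FORBIDDEN.includes(name) && (SAFELISTED.includes(name) || exposed.includes(name)));
}

// Constructed sample responses (values are made up for the example).
const ORIGIN = 'http://localhost:4200';
const wildcardResponse = {
  'access-control-allow-origin': '*',
  'set-cookie': 'JSESSIONID=CONSTRUCTED0001; Path=/; HttpOnly',
};
const fixedResponse = {
  'access-control-allow-origin': ORIGIN,
  'access-control-allow-credentials': 'true',
  'access-control-expose-headers': 'Set-Cookie, X-Session-Token', // X-Session-Token is hypothetical
  'content-type': 'application/json',
  'set-cookie': 'JSESSIONID=CONSTRUCTED0001; Path=/; HttpOnly',
  'x-session-token': 'constructed-token',
};

console.log(corsCheck(ORIGIN, true, wildcardResponse));
console.log(corsCheck(ORIGIN, true, fixedResponse));
console.log(scriptVisibleHeaders(ORIGIN, true, fixedResponse));
```

Listing `Set-Cookie` in `Access-Control-Expose-Headers` changes nothing: the browser stores the cookie for the server's domain and sends it back on later credentialed requests, but never hands the header to script.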