2

I have Angular 7 as frontend and Spring Boot as backend.

Angular app hosted on localhost:4200 and Spring app hosted on localhost:8080

On user login, I'm saving a spring session and a cookie is returned. When the user tries to login again, I first check whether the session exists.

For this, the cookie is required from the client. But I'm not getting any cookie in the client request.

In Chrome dev tools, Application tab, following cookie can be seen:

enter image description here

In Spring Boot's application.properties, I have:

spring.session.store-type=jdbc
spring.session.jdbc.initialize-schema=always
server.servlet.session.timeout=60
spring.session.jdbc.table-name=SPRING_SESSION
server.servlet.session.cookie.max-age=2592000

In controller:

@RestController
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:4200", "http://127.0.0.1:4200"})
@RequestMapping(value = "/users")
public class UsersController {    
    ...

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ResponseEntity<?> login(HttpServletRequest request, HttpServletResponse response) {

        Cookie[] cookies = request.getCookies();
        if(cookies != null) {
          for (int i = 0; i < cookies.length; i++) {
              String cookieName = cookies[i].getName();
              String cookieValue = cookies[i].getValue();
              logger.info("UsersController - cookie - {} {}", cookieName, cookieValue);
           }
        }
        HttpSession springsession = request.getSession(false);
        if (springsession != null) {
            logger.info("UsersController - login - session exists");            
            ...
        }       

        logger.info("UsersController - login - session does not exist");
        ...
    }

I'm not getting any cookie in the client request.

Whereas when I try multiple login requests from the Postman, it works.

So why doesn't it work from browser?

I have tried setting server.servlet.session.cookie.domain property to null, false, 127.0.0.1. But none worked.

How can this be solved?

user5155835
  • 4,392
  • 4
  • 53
  • 97
  • whats the spring session strategy is it header or cookie based ? – Barath May 21 '19 at 14:42
  • @Barath cookie based – user5155835 May 21 '19 at 14:43
  • @Barath There is no additional configuration. @ SpringBootApplication public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } } – user5155835 May 21 '19 at 14:49
  • @Barath there are not much logs available. The application prints UsersController - login - session does not exist – user5155835 May 21 '19 at 14:58
  • can you enable the logs ```logging.level.org.springframework.session=debug``` and share it. check for this ```No session found by id: Caching result for getSession(false) for this HttpServletRequest.``` – Barath May 21 '19 at 15:19
  • @Barath Yes, I'm getting: No session found by id: Caching result for getSession(false) for this HttpServletRequest. – user5155835 May 21 '19 at 15:23
  • @Barath the issue seems to be of browsers handling of cookies, most likely because it is localhost – user5155835 May 21 '19 at 15:37
  • @Barath Angular app hosted on localhost:4200 and Spring app hosted on localhost:8080 – user5155835 May 21 '19 at 15:39
  • @Barath network tab details for first login request https://i.stack.imgur.com/E5Sdr.png – user5155835 May 21 '19 at 15:40
  • @Barath cookies are actually passed as part of the request – user5155835 May 21 '19 at 15:47
  • @Barath it cannot be seen in the request. But can be seen in Application tab cookies. – user5155835 May 21 '19 at 15:50
  • @Barath yes, this.http.get(entity.url) – user5155835 May 21 '19 at 15:52
  • ok I think its strange but I could clearly see cookies are not passed as part of the request. cookies must get passed as part of the request even though it is present in application tab. check the network tab always cookies will get passed. Try to debug whether http is configured with credentials property. – Barath May 21 '19 at 15:56
  • Hi, I'm facing exactly the same issue, did you solve it ? – TCH Mar 16 '21 at 16:38
  • @TCH unfortunately not – user5155835 Mar 16 '21 at 16:50
  • I think this guy is on the same issue as us, https://stackoverflow.com/questions/51696601/cors-domain-cookie-for-angularjs-and-spring-boot-application. I changed .allowCredentials(*true*) in the CORS configuration of my backend but so far it is not enough to make it work. I still cannot get cookies from in my backend when requests come from the frontend. But with Postman everything works – TCH Mar 16 '21 at 16:55

0 Answers0