maintaining session cookies in $http requests

[Gerardo Flores]

I'm building a PhoneGap application that is mostly offline but needs to reach out to a server to authenticate users and get data relevant to the user.  CORS is enabled on the server side, and I was able to get the authentication step to complete successfully.  The response to the authentication sets a cookie (

Set-Cookie:

PLAY_SESSION=XxXXX) that I'm supposed to use in subsequent requests. This cookie, however, is not maintained by $http as a browser normally would, and I can't seem to get access to this cookie via javascript so I can manually add it to requests. How should I maintain this cookie across requests? The authentication request is an $http.post where I post credentials. I then later do an $http.get to request a data set for the user.

[Zerho]

did you managed to solve the problem?

[Marco Rinck]

The catch with CORS and cookies is that your ajax requests need to have the "withCredential" option set in config for $http, like this: 

var config = {

  withCredentials: true

}

$http.get(url, config); 

Additionally the server has to answer pre-flight requests with HTTP-Header "Access-Control-Allow-Credentials: true".

see this link: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS

 

Marco