i'm using node/express make pure backend api. front-end (angular.js) hosted on separate server. have few lines of middleware every request allow cors.
if start chrome -args --disable-web-security flags, works great!
however if start normally, cookies seem not getting set in browser, , therefore sessions on node side aren't kicking in. same safari/mobile safari/etc.
i've tried browser options such "accept cookies"/"never block cookies". thought maybe browsers don't localhost same behavior on localhost , on actual hosted domains.
the flow is:
i login , session set id, on success frontend directed next page. works, , console logged req.session.id , it's correct.
on next page request sent, node server configured use id in session request. safari/mobile safari/chrome req.session.id empty. chrome -security disabled, req.session.id still correct , behaves should.
please refer answer covers cross-domain cookies , session: using express , node, how maintain session across subdomains/hostheaders
Comments
Post a Comment