3

I have a very strange problem, I am using an express server to set cookies in my Angular 7 project in the browser and later API calls are supposed to send cookies with them. The response header shows that the cookie is being set and request headers of later API calls show that the cookies are being sent. But the problem is the cookies are not visible in the Browser Developer console or as the output of document.cookie. Below attached is the screenshot of response header for setting cookies:

enter image description here

Below is the request header attached while making further API calls:

enter image description here

This question does not resolve the issue as HttpOnly cookie is only 1 out of 3 and even the HttpOnly cookies should be displayed on the browser developer console.

Deependra singh
  • 85
  • 6
  • Does this answer your question? [Why doesn't document.cookie show all the cookie for the site?](https://stackoverflow.com/questions/1022112/why-doesnt-document-cookie-show-all-the-cookie-for-the-site) – hong4rc Jan 03 '20 at 07:28
  • Hi, I was aware of the HttpOnly flag but out of the 3 cookies I am setting only one has HttpOnly flag and even though cookies with HttpOnly flag should also be visible on the developer console at least. Please let me know if I am missing something. – Deependra singh Jan 03 '20 at 07:43
  • 1
    Is the cookie domain name matching the domain of the UI app? i ran into similar issue if cookie's domain is api.domain.com and app is in app.domain.com – Ramesh Jan 03 '20 at 07:57
  • @Ramesh It was the same issue. I set the domain attribute while setting cookies and it worked. But not sure why it was sending cookies but not displaying them. Any thought? – Deependra singh Jan 03 '20 at 08:07
  • The developer tools only lists cookies in the current domain which belongs is for the UI. – Ramesh Jan 03 '20 at 08:52

2 Answers2

4

The cookie's domain should match the domain of the UI app to be seen in developer tools. If the cookie is dropped in api.domain.com and app is in ui.domain.com then via developer tools you can only see cookies in ui.domain.com. You can try explicitly setting the cookie domain to domain.com to see them in dev tools

Ramesh
  • 13,043
  • 3
  • 52
  • 88
0

In addition, you can set your cookie with a wildcard for the domain property, eg: .domain.com.

Rafael Affonso
  • 181
  • 3
  • 6