0

I try to set a cookie in one domain and send it to another domain.

Architecture :

API-Gateway -> User service

When a login request receives to Gateway, it forwards it to User service.

User service does credential checking, if it matches, then redirect it to gateway.


    expiration := time.Now().Add(24 * time.Hour)
    cookie    := http.Cookie{Name: "usercookie",Value:jwtToken,Expires:expiration,Path:"/"}
    http.SetCookie(res, &cookie)

    redirectURL := "http://localhost:7070/home?usercookie=" + url.QueryEscape(cookie)

    http.Redirect(res, req, redirectURL , http.StatusFound)

I get

cannot use cookie (type http.Cookie) as type string in argument to url.QueryEscape

How can I overcome this issue? My systems are running as micro-services, so how can I solve this issue?

Is there other options to use cookies over domains?

Edit :

When I use just http.Cookie() and then redirect flow from user service.

// User service
    expiration := time.Now().Add(24 * time.Hour)
    cookie    := http.Cookie{Name: "usercookie",Value:jwtToken,Expires:expiration}
    http.SetCookie(res, &cookie)

    http.Redirect(res, req, "http://localhost:7070/home" , http.StatusFound)

// Gateway home controler
func home(res http.ResponseWriter,req *http.Request){
    cookie,cookieError:= req.Cookie("usercookie") 

    if cookieError != nil{
        log.Println("There is an error in cookie : ",cookieError)
    }

    log.Println("User cookie is : ",cookie.Name)

}

Output :

There is an error in cookie : http: named cookie not present

How to send a cookie or a header through http.Redirect

HTTP Redirect (302) Doesn't Use Cookie in Following GET Request

Sachith Muhandiram
  • 2,819
  • 10
  • 45
  • 94
  • 1
    Why are you passing a cookie in a query parameter? Cookies are passed as headers, and you're already setting by `http.SetCookie` – Burak Serdar Apr 03 '20 at 16:47
  • @Burak so I should use `http.Header()`? I do this project as I learn golang – Sachith Muhandiram Apr 03 '20 at 16:54
  • 1
    http.SetCookie already sets the header. What exactly are you trying to do? You cannot set a cookie for one domain and send it to another. That's not how cookies work. – Burak Serdar Apr 03 '20 at 16:55
  • I do this in my user service, and want to send response to gateway with cookie for the user. – Sachith Muhandiram Apr 03 '20 at 17:00
  • 1
    The cookie you set will be set for the host. It will be included in all the requests to the host that set the cookie. If this gateway is the gateway for your service, you don't need to do anything else, just use http.SetCookie. – Burak Serdar Apr 03 '20 at 17:05
  • Yes, I have tried it too, but cookie is not set, I can not retrieve it from gateway. `req.Cookie("usercookie")`, its empty – Sachith Muhandiram Apr 03 '20 at 17:08
  • 2
    It would help if you describe the full architecture. Is this user service authenticating the user for another domain? If that's the case, you cannot set the cookie for that authenticated domain here, you have to pass a token to the client, and the client then can exchange that token with a cookie from the target domain. – Burak Serdar Apr 03 '20 at 17:20
  • @BurakSerdar So basically if user is authorized then authentication service sends a token to gateway, and gateway assign `jwt` and send? – Sachith Muhandiram Apr 04 '20 at 15:56
  • 1
    I do not know if you can set cookie with HTTP redirect. If your user service redirects to the gateway with a jwt, then your gateway can issue a cookie to the user. – Burak Serdar Apr 04 '20 at 22:56

0 Answers0