I am trying to set up authenticated endpoints in my backend (Express/Node/Mongo with express-session) and can send a cookie to the client (Chrome Version 53.0.2785.143) in the Response Header, but when I look for the cookie in the Dev Console under Application->Storage->Cookies->http://localhost:8100 it is not there, and so nothing is sent back to the server in subsequent Request Headers. However, when I test the code as written using Postman it appears that everything works, meaning that the server sends a cookie on login and the cookie is returned when I GET authenticated endpoints.
Response Headers:

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Vary: X-HTTP-Method-Override
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: DELETE, PUT, GET
    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
    Content-Type: application/json; charset=utf-8
    Content-Length: 1258
    ETag: W/"4ea-X9Q0hp8ptccLVapzMZamYA"
    set-cookie: connect.sid=s%3AyEaCZPUtH-rA0yQ3Osk-FNBHxQNYbFqp.gvwe%2FO0GSSfaX6i8Y29XD9vEo6ht2M%2FqL00wiFpntnU; Path=/
    Date: Tue, 25 Oct 2016 01:28:59 GMT
    Connection: keep-alive

Request Headers:

    POST /login HTTP/1.1
    Host: localhost:8000
    Connection: keep-alive
    Content-Length: 51
    Pragma: no-cache
    Cache-Control: no-cache
    Origin: http://localhost:8100
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
    Content-Type: application/json
    Accept: */*
    Referer: http://localhost:8100/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.8

Request Payload:

    {"email":"test9876@gmail.com","password":"test123"}

Settings object for the session ID cookie:

    { path: '/', _expires: null, originalMaxAge: null, httpOnly: false }

Session ID cookie name = 'connect.sid'.

Ionic2 service to log in the user:

    public loginUser(user: Object): Observable<any> {
      let headers = new Headers();
      headers.append('Content-Type', 'application/json');
      return this.http.post('http://localhost:8000/login', JSON.stringify(user), {headers: headers})
        .map(this.extractData)
        .catch(this.handleError);
    }

    public extractData(res: Response) {
      console.log(res.headers); // cookie does not log here in response
      let body = res.json();
      return body || { };
    }

Usually, Chrome won't save cookies for localhost. Please disable your web security in Chrome.
How to disable Chrome web security?
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session" --args --disable-web-security
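
Added example, not part of the question or the answer above: a small model of the browser's CORS and credentials rules, applied to the headers posted in the question and to the headers a credentialed cross-origin login response needs. `ALLOWED_ORIGINS`, `APP_ORIGIN`, `corsHeadersFor` and `browserOutcome` are names assumed for the illustration, and the cookie values are placeholders.

```javascript
// Added example (not code from the post). ALLOWED_ORIGINS, corsHeadersFor and
// browserOutcome are assumed names; the header values below are constructed.
const ALLOWED_ORIGINS = new Set(['http://localhost:8100']);

// Server side: headers a credentialed CORS response needs. The origin is echoed
// only when it is on the allow-list; it is never reflected blindly.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (!allowed.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse this response for another origin
  };
}

// Browser side, per the Fetch standard, for a cross-origin response:
// - Set-Cookie is processed only if the request was sent with credentials
//   (XHR withCredentials = true, or fetch credentials: 'include').
// - With credentials, script may read the response only if ACAO is the exact
//   origin (not "*") and Access-Control-Allow-Credentials is "true".
function browserOutcome({ origin, withCredentials, responseHeaders }) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const acao = h['access-control-allow-origin'];
  const acac = h['access-control-allow-credentials'];
  const cookieStored = withCredentials && 'set-cookie' in h;
  const readable = withCredentials
    ? acao === origin && acac === 'true'
    : acao === '*' || acao === origin;
  return { cookieStored, readable };
}

const APP_ORIGIN = 'http://localhost:8100';
// The CORS-relevant headers from the question, cookie value replaced by a placeholder.
const asPosted = {
  'Access-Control-Allow-Origin': '*',
  'set-cookie': 'connect.sid=<session-id>; Path=/',
};
const corrected = {
  ...corsHeadersFor(APP_ORIGIN),
  'Set-Cookie': 'connect.sid=<session-id>; Path=/; HttpOnly',
};

for (const withCredentials of [false, true]) {
  for (const [name, responseHeaders] of Object.entries({ asPosted, corrected })) {
    console.log(name, { withCredentials },
      browserOutcome({ origin: APP_ORIGIN, withCredentials, responseHeaders }));
  }
}
```

In the question's setup this corresponds to sending the login request with `withCredentials: true` in the request options and having the server emit the `corsHeadersFor` headers instead of `Access-Control-Allow-Origin: *`. Postman applies neither rule, which is why the same server code appears to work there.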