
Cross-Domain cookie delay


I have noticed a delay in the browser storing or assigning a cross-domain cookie to domains other than the domain it was returned in.

I have 3 domains. www.mysite.com, which calls api.mysite.com/register, and this returns an SSO cookie with the cookie set in the header and assigned to .mysite.com. The user is then redirected to accounts.mysite.com.

The SSO token is returned from api.mysite.com correctly and 99% of the time it is passed to accounts.mysite.com. However, if I put a timeout delay of 1000ms I am guaranteed that the SSO cookie gets passed to accounts.mysite.com.

I cannot find any references online to any delay with browsers passing CORS cookies. CORS headers are set correctly all the time, even when it fails. The cookie looks good when I inspect it and the domain is set correctly to .mysite.com, and I've even tried it without the leading dot.

So why is it that sometimes it is NOT passed to the accounts sub-domain? If I replay the failed request in Chrome, the cookie is passed to the accounts sub-domain the second time. This affects all major browsers.

regards, Ken


Solution

  • This sounds like a race condition in your redirect logic. A common mistake when making AJAX requests is to execute some other code after the request has been sent, but before receiving the callback that indicates that the response has been received. Depending on the timing of the other code, it may be affected by whether the first response "won the race" or not.
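Added example (not part of the original question or answer): a deterministic simulation of the race described above, comparing a redirect scheduled independently of the register response with one that runs only in the response callback. The helper names (`makeBrowser`, `redirectAfterDelay`, `redirectOnResponse`), the virtual-time queue and the token value are constructed for illustration, and the example goes slightly beyond the answer by showing that a fixed delay still loses the race once the response takes longer than the delay.

```javascript
// Constructed simulation, not the poster's code: a virtual-time queue stands in
// for the browser event loop so the race is deterministic and runs offline.
function makeBrowser(responseLatencyMs) {
  const jar = {};                 // cookies scoped to .mysite.com
  const queue = [];               // pending timers and network completions
  let now = 0;
  const browser = {
    sentCookie: null,             // Cookie header sent to accounts.mysite.com
    later(ms, fn) { queue.push({ at: now + ms, fn }); },
    // Stand-in for the AJAX call to api.mysite.com/register. The Set-Cookie
    // header is processed only when the response arrives.
    register(onResponse) {
      browser.later(responseLatencyMs, () => {
        jar.sso = "constructed-token";
        if (onResponse) onResponse();
      });
    },
    // Stand-in for location.assign("https://accounts.mysite.com/"): records
    // the cookies available at the instant of navigation.
    navigate() {
      if (browser.sentCookie === null) browser.sentCookie = jar.sso ? "sso=" + jar.sso : "";
    },
    run() {
      while (queue.length) {
        queue.sort((a, b) => a.at - b.at);
        const next = queue.shift();
        now = next.at;
        next.fn();
      }
      return browser.sentCookie;
    },
  };
  return browser;
}

// Racy: the redirect is scheduled independently of the response.
function redirectAfterDelay(responseLatencyMs, delayMs) {
  const b = makeBrowser(responseLatencyMs);
  b.register();
  b.later(delayMs, () => b.navigate());
  return b.run();
}

// Ordered: the redirect runs only inside the response callback.
function redirectOnResponse(responseLatencyMs) {
  const b = makeBrowser(responseLatencyMs);
  b.register(() => b.navigate());
  return b.run();
}
```

In real code the ordered form corresponds to calling the redirect from the request's success callback (or after `await`ing the request), so the `Set-Cookie` header has been processed before navigation starts.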