Angular's $cookies only work on 'localhost'

1.4k views Asked by At

Brace yourself, a strange Angular / IIS problem is coming: I have created an Angular 1.4.0 application that uses $cookies to store the oauth access token after a user logged in.

What works beautifully on localhost fails whenever I deploy the website to an IIS server (I tried Azure and a remote one). I can not understand why. It is always the same procedure but saving / reading the cookies seems to work only locally.

The backend (with the API) runs on Azure and has not been touched. The frontend always connects with this Azure-API but does only work when hostet locally.

Do you have any idea? My code looks like this:

$http({
    url: "/api/account/login",
    method: "POST",
    data: loginData,
    headers: {'Content-Type' : 'application/x-www-form-urlencoded; charset=utf-8'}
}).then(
    function (success) {
        $cookies.put('access_token', success.data.access_token);
        $cookies.put('refresh_token', success.data.refresh_token);

        // 'test' contains the correct token on localhost
        // 'test' is undefined whenever deployed to an iis
        var test = $cookies.get('access_token');

        deferred.resolve(results);
    },
    function (error) {
        deferred.reject({"loginError":-1})
    }
);

Could it be that the IIS has a special cookie policy that prevents the cookie access?

UPDATE 1: Please don't get me wrong, I do not want the IIS to manage or track my session state. I just want to be allowed to use cookies for storing my OAUTH access token.

UPDATE 2: Fun fact: At the very first request that is sent to the server after the login procedure, the access token can be read out of the cookies. Every request after thatfails because $cookies.access_token is undefined. And I swear (by the old gods and the new) that I do not delete it!

I am thankful for every hint or help!

1

There are 1 answers

2
Raja Rathinam On

Can you log and check what value you are getting from IIS for success.data.access_token

if it is session cookie token then you have to check IIS configuration.

Please refer below link for validating session cookie settings

https://technet.microsoft.com/en-us/library/cc754725(v=ws.10).aspx