Brace yourself, a strange Angular / IIS problem is coming: I have created an Angular 1.4.0 application that uses $cookies to store the oauth access token after a user logged in.
What works beautifully on localhost fails whenever I deploy the website to an IIS server (I tried Azure and a remote one). I can not understand why. It is always the same procedure but saving / reading the cookies seems to work only locally.
The backend (with the API) runs on Azure and has not been touched. The frontend always connects with this Azure-API but does only work when hostet locally.
Do you have any idea? My code looks like this:
$http({
url: "/api/account/login",
method: "POST",
data: loginData,
headers: {'Content-Type' : 'application/x-www-form-urlencoded; charset=utf-8'}
}).then(
function (success) {
$cookies.put('access_token', success.data.access_token);
$cookies.put('refresh_token', success.data.refresh_token);
// 'test' contains the correct token on localhost
// 'test' is undefined whenever deployed to an iis
var test = $cookies.get('access_token');
deferred.resolve(results);
},
function (error) {
deferred.reject({"loginError":-1})
}
);
Could it be that the IIS has a special cookie policy that prevents the cookie access?
UPDATE 1: Please don't get me wrong, I do not want the IIS to manage or track my session state. I just want to be allowed to use cookies for storing my OAUTH access token.
UPDATE 2:
Fun fact: At the very first request that is sent to the server after the login procedure, the access token can be read out of the cookies. Every request after thatfails because $cookies.access_token
is undefined. And I swear (by the old gods and the new) that I do not delete it!
I am thankful for every hint or help!
Can you log and check what value you are getting from IIS for success.data.access_token
if it is session cookie token then you have to check IIS configuration.
Please refer below link for validating session cookie settings
https://technet.microsoft.com/en-us/library/cc754725(v=ws.10).aspx