How to check that cookies came in response to a cross-domain request?

P

Peppa Pig2018-11-17 15:39:55

JavaScript

Peppa Pig, 2018-11-17 15:39:55

Hello.
I made authentication from the frontend on my knee, right now there is no time to implement jwt.
The bottom line is that I create an authorization form presentation through the FormData object and make a post request along the authorization route with the withCredentials: true parameter. Everything is fine, but I understand that the authorization was successful only because further requests to the API work as they should.
The question is, how can I track that cookies have been installed?
Now, in order to change the state of the application, in theory, I need to make a request to the API. Maybe there are other options?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Roman Kitaev, 2018-11-17
@deliro

A million options.
If the session cookie/jwt is not httpOnly, then just look at it. Optionally, you can look at it before the request and after, and then compare.
You can make the response to the authorization "ok" / "not okay" from the backend.
Based on further responses from the backend, you can understand whether you are authorized or not.
The main thing is to never focus on JWT claims like nbf, exp in the browser, because the client can have such a downtime that the TLS handshake will pass and break your entire update scheme. For example, it will be 6 minutes behind with a token validity of 5 minutes.