How to transfer cookies from a subdomain to php?

A

Abdulla Timershin2021-05-23 20:53:18

HTTP Cookies

Abdulla Timershin, 2021-05-23 20:53:18

There is a web application on the example.com
domain There is a PHP REST API on the api.example.com

domain When POSTing a request from example.com to api.example.com/signin
api.example.com/signin returns a set-cookie token, but for some reason then it does not save it in the browser and, accordingly, does not send it with

subsequent requests .

if (isset($_COOKIE['token'])) {
 .....
} else {
......
setcookie("token", $new_token, $expr_time,' /', '.example.com', false, false);
}

What can be done on the back? Maybe some headers are missing?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Abdulla Timershin, 2021-05-24
@flawlessattila

Solved the problem by adding withCredentials: true to the headers of each request on the side of the web application.
with axios looks like this

axios.post(API_SERVER + '/login', { email, password }, { withCredentials: true })

and

axios.get(API_SERVER + '/todos', { withCredentials: true })

I

Ilya, 2021-05-23
@New_Horizons

Cookies need SameSite=none and Secure attributes (it doesn't work without https)
https://developer.mozilla.org/en-US/docs/Web/HTTP/...
UPD: If possible, it's better not to store the token in a cookie in favor of a JWT, for example.