Do I need to do anything special concerning sessions/authentication? My server can't see my session after I login via restangular post method. The login is successful, but no sessions are being seen on the server afterwards. If I login with a normal post outside and then try to request a page, it works fine. I also notice that chrome is sending along the following in the headers:
Cookie:_rexbro_session=g2wAAAABaAJkAAxjdXJyZW50X3VzZXJhAmo=--E0687A67DBE48DA40B6957CBCF6E83FB0E612660
This is not being sent via restangular requests.
I should also mention that when I login via restangular, the server is responding with the following header:
set-cookie:_rexbro_session=g2wAAAACaAJkAAxjdXJyZW50X3VzZXJhAmgCZAAEdXNlcmgIZAASRWxpeGlyLlVzZXIuRW50aXR5ZAALRWxpeGlyLlVzZXJhAm0AAAASYXZvaWRpYW1AZ21haWwuY29tbQAAAA1KYXlzb24gQmFpbGV5bQAAADwkMmEkMTAkNHNsQVFFRGRDcXd1R3JNNVYwOXBTLkx3MHpVeElNLy5tbVM2eTVmc3BFa3NUbHhuTUtiMzJoB2QAFEVsaXhpci5FY3RvLkRhdGVUaW1lYgAAB91hBGEcYRFhD2EUaAdkABRFbGl4aXIuRWN0by5EYXRlVGltZWIAAAfdYQVhA2EVYR5hFmo=--D3F8D9A8355421B8571DB691ED5C082AD183B034; path=/; HttpOnly
but I don't see anything being done with it.
Thanks in advance.
EDIT: I should have stated that my server storing the session, the api server, is separate from the server serving the frontend.
I think your are looking for this:
RestangularProvider.setDefaultHttpFields({
withCredentials: true
});
add this lines to app.config
Related
I'm at a loss - I have a django backend and react frontend. On the frontend, I have a login page that sets a JWT token, and I use that token to query data from the django backend. This all works perfectly.
But I also have direct views to these APIs via something simple as http://localhost:8000/tables/data which will just show me a default django view of these tables (ie: a paginated "select * from data" call) ... and hooked in through a genericListAPIView.
Now, as I said, everything works fine when feeding it via a curl command (or postman, or whatnot). I get the JWT token, set it the Authorization access in the subsequent call to the API, and get the data back and do something with in in React.
What I can't seem to figure out is how to hoo that same JWT token when calling trying to access the generic view. When I browse to it, I get
HTTP 401 Unauthorized
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
WWW-Authenticate: JWT realm="api"
{
"detail": "Authentication credentials were not provided."
}
Which I guess make sense since I'm not going through any React authentication. Yet, it's the same server. Should be same authentication (and in fact the login accounts are being managed by django).
I've googled, and read (and tried) a bunch of different things and can't seem to wrap my head around what I am doing wrong. Any help, or any direction, would be much appreciated.
When you make a request from a browser, you can only rely on session cookies. The browser is not able to automatically add an access token to the request. In order to make a request with an access token, you have to make it using Javascript.
I have a backend using Java which produces JSON for the services, which client will need to login/be authenticated using cookies based (JSESSIONID in Java).
I manage to receive JSESSIONID from server, however concecutive $http.get from client does not include previous generated JSESSIONID which I supposed to be automated handle by $http ?
The case:
Step 1
When I tested my login page using $http.post using valid user id and password, I can get an expected result from my server, I can get a generated JSESSIONID from the server, i.e.:
set-cookie:JSESSIONID=0a624257d0f704840bf6d8c8cc31; Path=/tmh-web; HttpOnly
(pls refer to screenshot in Response Header)
after call Login & been auhthenticated screenshot
Step 2
After been authenticated, when tried to call another URL service which requires authentication, I got an error: "403 Forbidden"
And I suspected this is because $http does not send the JSessionID it has received on Step 1.
(pls refer to screenshot in Request Header, there is no JSessionID has been sent back to server)
call next service which requires authentication
Has anyone experienced this problem with Java as the backend server ?
Use / for path attribute of the cookie.
I'm writing a small app using angular.
I need to access a couch database. I only have a user in that DB.
Using cURL commands I can request a session cookie to that database and that use that cookie to request a specific document.
When in angular code I use:
$http.post(url, data).then(...);
Where 'data' has username and password, I can see the cookie using chrome (like in this image chrome dev tool output), but in a code, I can't access it.
Can someone help me with this?
You can not access an HttpOnly cookie using script in browser due to security reasons. It can only be accessed on server.
If you need to include cookies in cross domain requests use withCredentials in the request. See $http docs
$http.post returns a response with a property:
headers – {function([headerName])} – Header getter function.
So you should be able to do something like
.then((response) => {
console.log(response.headers('set-cookie'));
});
See the documentation here
Try to use response.headers('set-cookie')
For the crossdomain situation, the server has to send
Access-Control-Expose-Headers: set-cookie header to make the custom headers visible.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Expose-Headers
I'm setting up a simple authentication service for my angular website using Spring for my backend and I have a following problem.
When I send a cross domain get request with credentials (REST controller on backend), I get authorized by Spring Security, I get a JSESSION cookie and all is fine. What's not fine is that the cookie isn't saved and I can't access it in any way I could think of to save it manually.
Am I missing something here? If you need additional information, I'd be glad to provide it.
#Edit
I have Set-Cookie header in my response:
(...)
Server
WildFly/8
Set-Cookie
JSESSIONID=CODE; path=/PATH
(...)
I have a redirect set up made with Switcheroo that redirect calls from an api server to my local one. The redirect is something like mydomain.com/api/* to localhost:3000/api/. The web app is implemented using angular and all the calls are made by angular services. I don't think angular is involved btw.
The calls are redirected to a Nodejs local server.
When I directly use to browser and I point it to the redirected api url (mydomain.com/api/somedata) I get the correct response. The network panel show me the first call to mydomain.com with a 307 Internal Redirect response, and then the second call to my local server with 200 OK response. Everything works fine and I can see the response in the Response panel of the redirected call..
When I go online I see the exact same two calls but I apparently do not receive any data from the server since the response panel is just showing "The request has no response data available". I know for sure that the redirect is landing to my local server since I see the server logs and when I change the response status the browser receives it.
What can I do? Could be an angular problem since the calls are made by anguar services? I really don't think so but I really don't understand why this happen.
Thanks for your consideration.