Node-http-proxy: Jsessionid cookie won't retain in browser

Created on 21 Apr 2016  路  3Comments  路  Source: http-party/node-http-proxy

Hi,

I have the following setup:

Localhost Express (LAN machine #1) -> Localhost Proxy (LAN machine #1) -> Servlet (LAN machine #2).

Servlet is including a Jsessionid cookie in it's response header, which I'm able to modify and receive on the response header of Localhost Express, but for some reason won't store under browser resources. Any ideas?

Thanks.

Most helpful comment

Thanks!

For anyone else who stumbles across this issue, I didn't have the same setup,

-> http://localhost -> proxy -> https://realserver.com,

In my case the cookie had the Secure flag, so although JSESSIONID was stored @localhost, it was not being sent in subsequent requests because I didnt use the https:// by setting the https property on the webpack-dev-server config.

All 3 comments

I'm having trouble with the same issue, did you find a work around? The set-cookie header comes back with the JSESSIONID, but the browser doesnt retain it.

@adi518

Yes, the solution was just under my nose. It had nothing to do with inner-workings of node-http-proxy. In my case I was making a request from a localized domain (as depicted in OP) to another localized domain (but a different port of course, because by default Node server listens to all domains assigned to loop-back in your hosts file), which was the proxy server. The mistake was not making the request from the same localized domain (that of Express). So what happened is, the proxy returned the cookie and the browser retained under the proxy domain.

To visualize the issue:
I had an Ajax call going from site.com:80 -> proxy.com:81. The Jsessionid cookie was then retained under the wrong domain, namely proxy.com. As soon as I made my call from site.com:80 -> site.com:81 the cookie was retained correctly. I use Chrome, so checking where the cookie ended up was done by simply browsing to: chrome://settings/cookies. If you already turn to a proxy under the same domain and the cookie still doesn't retain, you probably omitted XHR option withCredentials to your Ajax/XHR call, which in this case the response isn't granting the browser permission to retain the cookie, part of how CORS works (see: http://api.jquery.com/jquery.ajax/, https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials).

Thanks!

For anyone else who stumbles across this issue, I didn't have the same setup,

-> http://localhost -> proxy -> https://realserver.com,

In my case the cookie had the Secure flag, so although JSESSIONID was stored @localhost, it was not being sent in subsequent requests because I didnt use the https:// by setting the https property on the webpack-dev-server config.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

karthikus picture karthikus  路  3Comments

catamphetamine picture catamphetamine  路  6Comments

martindale picture martindale  路  6Comments

mohammad-goldast picture mohammad-goldast  路  3Comments

jsmylnycky picture jsmylnycky  路  3Comments