Hello everyone, colleagues!

I can't set up a cookie for a website.

The server is configured with http only, so I do not have direct access to the authorization cookie. I add withCredentials: true to all http requests, so that the cookie set by the server during authorization is sent back with the following requests. It works great.

But the web socket does not have a setting for such a parameter as withCredentials and the cookie is not picked up, so it is not possible to log in.

Is there a way to pass a cookie on the website that is not accessible from JS? If this is not possible, then how would you advise organizing authorization in such a situation?

UPD

This pattern is observed only with cross-domain connections. When the client and server are on the same host, then everything is fine.

  • I think we need clarification: 1) where do you have access 2) How do you determine that a cookie is not picked up? - Dmytryk
  • @Dmytryk, 1) the whole client is written by me, so in any part of it. 2) The connection to the web socket occurs in 2 stages. First, a GET request is sent with the Upgrade header, and if the server agrees to upgrade, the connection is upgraded to a web socket (code 101). This happens in case of successful authorization. If authorization fails, then only the first request remains in the developer console. There you can see all the request and response headers - Ivan
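
The two-stage connection described in the comment above (a GET carrying the Upgrade header, answered with 101 only when authorization succeeds), seen from the server side. This is an added example, not code from the thread; the allowed origin, the `sid` cookie name and the session store are assumptions.

```javascript
const crypto = require('node:crypto');

const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'; // constant fixed by RFC 6455
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // assumed client origin
const SESSIONS = new Map([['constructed-session-id', 'ivan']]); // constructed session store

// Constructed handshake request; header names are lower-case, as Node's http module gives them.
const SAMPLE_HANDSHAKE = {
  upgrade: 'websocket',
  connection: 'Upgrade',
  origin: 'https://app.example.com',
  cookie: 'theme=dark; sid=constructed-session-id',
  'sec-websocket-key': 'dGhlIHNhbXBsZSBub25jZQ==', // sample key from RFC 6455
};

// Parse a Cookie request header into a name -> value object.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Decide how to answer the handshake GET: 101 only for an allowed origin
// that also presents a valid session cookie.
function decideUpgrade(headers) {
  const key = headers['sec-websocket-key'];
  if ((headers.upgrade || '').toLowerCase() !== 'websocket' || !key) {
    return { status: 400, reason: 'not a websocket handshake' };
  }
  // Cross-origin pages can open sockets too, so the Origin header is checked explicitly.
  if (!ALLOWED_ORIGINS.has(headers.origin)) {
    return { status: 403, reason: 'origin not allowed' };
  }
  const user = SESSIONS.get(parseCookies(headers.cookie).sid); // 'sid' is an assumed name
  if (!user) return { status: 401, reason: 'no valid session cookie' };
  const accept = crypto.createHash('sha1').update(key + WS_GUID).digest('base64');
  return {
    status: 101,
    user,
    headers: { Upgrade: 'websocket', Connection: 'Upgrade', 'Sec-WebSocket-Accept': accept },
  };
}
```

A rejected handshake is what shows up in the developer console as a lone first request without the 101 response.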
