Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can axios set cookies?

See original GitHub issue

I’m trying to set a cookie with a response header like so:

Set-Cookie:connect.sid=s%3AvidaO7FJ_U-Fx77zGEAozIizc4eddq8P.wkkigPnMdYNo8SttRYplaI1%2FGL56vUVDgUK3UzoI6DI; Domain=subdomain.ofmywebsite.com; Path=/; Expires=Sun, 04 Mar 2018 15:14:18 GMT

Client side code:

axios.defaults.withCredentials = true;

axios('domain.ofmyserver.com/api/login', {
      method: 'post',
      data:{
        email: this.state.email,
        password: this.state.password
      },

    })

But no error is given and no cookie is set. What am I missing here? When I go directly with the browser to the server domain it will set a cookie. But with a POST request in axios it simply refuses it without any error.

Context

axios version: 0.17.1
Environment: Chrome, safari, firefox
express server with express-session 1.15.6

Issue Analytics

State:
Created 6 years ago
Reactions:8
Comments:9

Top GitHub Comments

13reactions

ninaolocommented, Dec 20, 2018

If anyone still has this problem and reads this: double check that you’re setting domain and path from the server. I see that the creator of this thread did that, but I hadn’t and was going crazy over why it didn’t work. With fetch instead of axios, it worked without setting those properties, but axios needed them apparently.

1reaction

dspacejscommented, Apr 10, 2020

Having tons of trouble with this. Domain and Path is being set as @ninaolo said:

sessionid=redacted_token; Domain=127.0.0.1; expires=Fri, 10 Apr 2020 07:07:41 GMT; HttpOnly; Max-Age=900; Path=/

The Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers have also been set (which can cause issues with CORS). I’ve also tried disabling CORS on the server, the same issue exists.

The withCredentials setting has also been set:

axios.defaults.withCredentials = true;

I’ve also tried passing withCredentials to the request itself (in case the default setting didn’t work):

const response = await axios.post(
  `${API_URL}${LOGIN_URI}`,
  {
    email,
    password
  },
  { withCredentials: true }
);

Yet this still doesn’t seem to be setting the cookie and I don’t know why. The exact same endpoints work in Postman (it sets the cookie from the Set-Cookie header), yet in the browser it’s not working.

I also tried the same thing with fetch() and it worked in Chrome, it shows it in the devtools storage section. Except that when I refresh the page, the cookie disappears. And in Firefox it didn’t even work at all.

So this issue seems to not be specific to axios (I initially thought it was). Does anyone know what could be wrong?