I believe I'm successfully setting a cookie using this Golang code snippet:
c = &http.Cookie{
HttpOnly: false,
Name: "_cas_cookie",
Value: newSessionID(),
MaxAge: 86400,
}
http.SetCookie(w, c)
In fact, I can see it using browser Inspect tools. It is also included in the request headers with every "normal" browser click. However, it is not being included in any ajax query I send. I've used fetch() and jQuery's $.ajax() with the same result. By design, the backend code will generate a new cookie with the same name if it doesn't receive the old. That's what happens, and that new cookie is then used on all future ajax queries. It's almost as if http cookies and Javascript cookies exist in separate domains. I thought that setting the HttpOnly setting to false would take care of this issue, but it does not.
Here is the fetch() code.
function doGetFetch(url, callback){
fetch(
url,
{method: 'get',
credentials: 'same-origin'
})
.then(
function(response) {
if (response.status !== 200) {
console.log('Problem Status Code: ' +
response.status);
return false;
}
// Examine the text in the response
response.json().then(callback);
})
.catch(function(err) {
console.log('Fetch Error :-S', err);
});
}
A further complication is that everything works fine using my localhost test server, but fails when I deploy to the production server. The biggest difference between the two is localhost uses Golang's internal Web server (i.g., http.ListenAndServer()), while the production uses CGI.
Thanks for any pointers on new things to try!
