Work with a project that uses cookies to identify the user.
When the user arrives, he calls the service (which is running on the local host), and the cookie sending service with the response header looks like this:
curl 'http://127.0.0.1:8000/api/v1.0/tracking' -X OPTIONS -H 'Access-Control-Request-Method: POST' -H 'Origin: http://local.com:8080' -H 'Access-Control-Request-Headers: content-type,x-forwarded-for' --compressed
The response header is as follows:
HTTP/1.1 200 OK Connection: keep-alive Keep-Alive: 60 Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, x-forwarded-for Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, PATCH, GET Content-Length: 0 Content-Type: text/plain; charset=utf-8 Set-Cookie: id=random_id_123_123; expires=Wed, 06-Dec-2017 10:57:36 GMT; Domain=.local.com; Path=/
Then, after a specific user action, the application sends the following API request:
curl 'http://127.0.0.1:8000/api/v1.0/tracking?event=video_added&user_id=123123123' -H 'Origin: http://local.com:8080' -H 'Accept: */*' -H 'Referer: http://local.com:8080/' -H 'Connection: keep-alive' --compressed
The request header for the above request is as follows:
GET api/v1.0/tracking?event=video_added&user_id=123123123 HTTP/1.1 Host: 127.0.0.1:8000 Connection: keep-alive Accept: */* Origin: http://local.com:8080 User-Agent: My user agent Referer: http://local.com:8080/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
I was expecting the cookie (random_id_123_123) to be accepted with the first request, as the response header will be the request header for the second request.
The website runs on: http://local.com:8080 (which actually runs on the local computer and my vhost config setting is 127.0.0.1 local.com) and it is served by python SimpleHTTPServer .
The backend service that sets the cookie also runs on port 8000 in the local host. It seems that I missed something during the implementation. What is it?
Edit: Here is the code .