Pet*_*ris 2 cookies asp.net-mvc asp.net-web-api asp.net-core
I have an Angular (4) client (localhost:4200) that calls an ASP MVC CORE 2 WebApi. One of the calls, http://localhost:5000/api/session/resume, returns a cookie along with the response.
In the action method, I return 3 cookies for testing purposes.
[AllowAnonymous, HttpPost, Route("api/session/resume")]
public async Task<AccountSignInResponse> Resume([FromBody]SessionResumeCommand command)
{
    AccountSignInResponse apiResponse = await Mediator.Send(command);
    if (!apiResponse.HasErrors)
    {
        Response.Cookies.Append("TestCookie", ..., new CookieOptions
        {
            Domain = "localhost",
            Expires = DateTimeOffset.Now.AddDays(100),
            HttpOnly = false
        });
        Response.Cookies.Append("TestCookie4200", ..., new CookieOptions
        {
            Domain = "localhost:4200",
            Expires = DateTimeOffset.Now.AddDays(100),
            HttpOnly = false
        });
        Response.Cookies.Append("TestCookie5000", ..., new CookieOptions
        {
            Domain = "localhost:5000",
            Expires = DateTimeOffset.Now.AddDays(100),
            HttpOnly = false
        });
    }
    return apiResponse;
}
The headers for this request are
Request URL:http://localhost:5000/api/session/resume
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:5000
Referrer Policy:no-referrer-when-downgrade
The response headers are
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Vary: Origin
Server: Kestrel
Set-Cookie: TestCookie=XXVtPqCdZ%2BBt9IbhP5Bi7sOLZ%2F%2BELB4fZ0rFArkM%2Be4%3D; expires=Fri, 03 Nov 2017 09:47:28 GMT; domain=localhost; path=/
Set-Cookie: TestCookie4200=XXVtPqCdZ%2BBt9IbhP5Bi7sOLZ%2F%2BELB4fZ0rFArkM%2Be4%3D; expires=Fri, 03 Nov 2017 09:47:28 GMT; domain=localhost:4200; path=/
Set-Cookie: TestCookie5000=XXVtPqCdZ%2BBt9IbhP5Bi7sOLZ%2F%2BELB4fZ0rFArkM%2Be4%3D; expires=Fri, 03 Nov 2017 09:47:28 GMT; domain=localhost:5000; path=/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4200
X-SourceFiles: =?UTF-8?B?QzpcZGV2XFhlcnhlc1xYZXJ4ZXMtU2VydmVyXFNlcnZlclxhcGlcc2Vzc2lvblxyZXN1bWU=?=
X-Powered-By: ASP.NET
Date: Wed, 26 Jul 2017 09:47:28 GMT
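As you can see, the cookies are being returned from the http://localhost:5000/api/session/resume call, but they are not stored in the local cookies in Chrome, Edge or Firefox. So when further requests are made for images and other resources, I only see another cookie (cookieLawSeen), not these.
When I browse the cookies for localhost in all of these browsers, I don't see any SessionTokens in storage. However, if I look at the request in the F12 developer tools, I can click the [Cookies] tab and see that ResponseCookies contains all three cookies.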
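You need to use the withCredentials property. It is required both for sending and for receiving cookies:
Indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates.
Set it to true every time you make an API call from Angular. Something like the following: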
this.http.get('http://...', { withCredentials: true })
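Added example, not part of the original question or answer: a simplified JavaScript model of the browser checks involved here, run against the response headers from the question (cookie values replaced by a constructed `v`). The names `domainMatches` and `cookieStorageVerdicts` and the `accepted`/`reason` fields are assumptions of this example; the domain check follows the RFC 6265 domain-match rule and other attributes such as SameSite and Secure are not modelled.

```javascript
// Added diagnostic example (hypothetical helpers, not from the original post).
// Simplified model: is a Set-Cookie on a cross-origin XHR/fetch response accepted?
function domainMatches(host, domainAttr) {
  // RFC 6265 domain-match compares host names only, so a value with a port never matches.
  const d = domainAttr.replace(/^\./, '').toLowerCase();
  return host === d || host.endsWith('.' + d);
}

function cookieStorageVerdicts({ pageOrigin, requestUrl, withCredentials, headers }) {
  const url = new URL(requestUrl);
  const get = (name) => headers.filter(([k]) => k.toLowerCase() === name).map(([, v]) => v);
  const crossOrigin = url.origin !== pageOrigin;
  let blocked = null;
  if (crossOrigin && !withCredentials) {
    blocked = 'request sent without withCredentials: Set-Cookie is ignored';
  } else if (crossOrigin && get('access-control-allow-credentials')[0] !== 'true') {
    blocked = 'response lacks Access-Control-Allow-Credentials: true';
  } else if (crossOrigin && get('access-control-allow-origin')[0] !== pageOrigin) {
    blocked = 'Access-Control-Allow-Origin must equal the page origin (no wildcard)';
  }
  return get('set-cookie').map((line) => {
    const [pair, ...attrs] = line.split(';').map((s) => s.trim());
    const name = pair.split('=')[0];
    const dom = attrs.find((a) => a.toLowerCase().startsWith('domain='));
    const domain = dom ? dom.slice('domain='.length) : null;
    if (blocked) return { name, accepted: false, reason: blocked };
    if (domain && !domainMatches(url.hostname, domain)) {
      return { name, accepted: false, reason: `Domain=${domain} does not match host ${url.hostname}` };
    }
    return { name, accepted: true, reason: 'passes CORS and domain checks' };
  });
}

// Headers from the response in the question; cookie values replaced with a constructed "v".
const sample = {
  pageOrigin: 'http://localhost:4200',
  requestUrl: 'http://localhost:5000/api/session/resume',
  headers: [
    ['Set-Cookie', 'TestCookie=v; expires=Fri, 03 Nov 2017 09:47:28 GMT; domain=localhost; path=/'],
    ['Set-Cookie', 'TestCookie4200=v; expires=Fri, 03 Nov 2017 09:47:28 GMT; domain=localhost:4200; path=/'],
    ['Set-Cookie', 'TestCookie5000=v; expires=Fri, 03 Nov 2017 09:47:28 GMT; domain=localhost:5000; path=/'],
    ['Access-Control-Allow-Credentials', 'true'],
    ['Access-Control-Allow-Origin', 'http://localhost:4200'],
  ],
};
console.log(cookieStorageVerdicts({ ...sample, withCredentials: false }));
console.log(cookieStorageVerdicts({ ...sample, withCredentials: true }));
```

Even with `withCredentials: true`, the two cookies whose Domain carries a port fail the domain check in this model, because cookie domains are host names and are not scoped by port.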