Browsers not sending back cookies when using CORS XHR

I don't really know anything about this other than what I've read, but according to the MDN docs there's a "withCredentials" property on the XHR object, and that needs to be set:

xhr.withCredentials = true;

By default, it's false. Without that flag being set, cookies are not transmitted and cookie headers in the response are ignored.

edit — I swear I read your question a couple times, but I totally missed your mention of the flag . Sorry. However, so as this isn't a total waste, I'll also mention that your server needs to be setting the "Access-Control-Allow-Credentials" flag to true in the response header, and "Access-Control-Allow-Origin" set to your current protocol + host + port.

This happened to me before, and I can tell it's pretty stupid.

If you're using a virtual machine, you usually suspend it/resume it whenever you need it etc.

This means that the date of the virtual machine is usually some days late (or more) compared to the host, or any client you're using.

So when the server sets the cookie expire's date (usually a couple hours after current date), it is already expired on the client. Thus, the client doesn't keep it.

To update your date on your virtual machine, I suggest you just use ntpdate, or you can manually set the date to see if that's the problem:

# what's the date?date# You'll see if it's the problem already# If it is, here is how to manually set itdate -set 2012-07-22 # yyyy-mm-dddate -set 17:00:42 # hh:mm:ss

I just had this problem, the solution in my case was add the path to the cookie, so when add the cookie you must use:

document.cookie = 'cookieName=cookieValue;path=/';

this way the browser will be able to send the cookie in the new request.

PS: You also need the xhr.withCredentials = true; if you are using cross domain request.