Sessions are usualy used for this. According to Wikipedia, when no expiration date is set, a cookie is cleared when the user closes the browser. The cookie setter can specify a deletion date, in which case the cookie will be removed on that date. If the cookie setter does not specify a date, the cookie … Read more
Fetch does not use cookie by default. To enable cookie, do this: fetch(url, { credentials: “same-origin” }).then(…).catch(…);
According to the ancient Netscape cookie_spec the entire NAME=VALUE string is: a sequence of characters excluding semi-colon, comma and white space. So – should work, and it does seem to be OK in browsers I’ve got here; where are you having trouble with it? By implication of the above: = is legal to include, but … Read more
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html) When working on localhost, the cookie domain must be omitted entirely. You should not set it to “” or NULL or FALSE instead of “localhost”. It is not enough. For PHP, see comments on … Read more
Yes, it is absolutely possible to get the cookie from domain1.com by domain2.com. I had the same problem for a social plugin of my social network, and after a day of research I found the solution. First, on the server side you need to have the following headers: header(“Access-Control-Allow-Origin: http://origin.domain:port”); header(“Access-Control-Allow-Credentials: true”); header(“Access-Control-Allow-Methods: GET, POST”); … Read more