We're Hiring!

Mattermost, Inc.

Cannot get heades [Set-Cookie]

Hello everyone!!

Summary

Cannot get headers [“Set-Cookie”] when login into the system with custom login

Steps to reproduce

Use Postman, try to login to workspace with your credentials, view headers. You will not see the “Set-Cookie”

Expected behavior

Request headers should have the “Set-Cookie” headers.

Observed behavior

Request headers does not have the “Set-Cookie” headers.

Extra info for context

Im currently developing a custom app for our company using mattermost as the backbone. I created the login and moved on to design the rest of the app, when I went to start making api request all of them would fail. After checking the web client to verify why they were failing, I saw the login had the “set-cookie” headers and they would be used in every request. There I understood my problem.

I needed the set-cookies for every request, so I went and checked the request headers in the app response headers and saw that they were not there. After that I tried with a custom backend that would do the request, same not there. After that I went to postman and same. Without the data in the set-cookies I can’t continue.

Any help would be appreciated,

Hey, me from the future, I gave up with this problem. But a day or so I tried again and my finding where that if you don’t send the x-request-with with the value XMLHttpRequest you will not get the cookies. If this is intended it’s not a good decision for the point of view that it’s not documented. Either the documentation is lacking or there is an unintended feature.

Using a .htaccess file you should have the ability to set and define custom headers with strong variables in the header values itself, to allow you to set multiple cookies with expiration times and likewise, utilizing apache2