Yii Framework Forum: Enabling cookies in REST controllers - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Enabling cookies in REST controllers

#1 User is offline   Solid 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 69
  • Joined: 29-December 12
  • Location:Kristiansand, Norway

Posted 19 October 2017 - 03:05 AM

Original Post on Stack Overflow.

I have a headless application written in yii, with an Angular application using the yii2 api. Currently I'm using local storage for tokens, but I read this link and would like to store the token in a cookie.

Auth action:

\Yii::$app->response->cookies->add(new Cookie([
    'name' => 'token',
    'value'=> $token->__toString()
]));

AuthMethod:

if (($cookie = $cookies->get('token')) !== null) {
    die('Token found in cookie');
    $token = $parser->parse($cookie->value);
}


Using the native PHP $_COOKIE the cookie can be read by the yii2 application, but the setcookie() does not work. It looks like the yii2-rest controller strips away the headers before sending the response.

The token is always null, so it seems like cookies are disabled by default in Rest controllers / JSON responses, how can I enable this?
0

#2 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 3,694
  • Joined: 10-October 10
  • Location:Denmark

Posted 19 October 2017 - 06:42 AM

It is quite normal to disable cookies, etc. - check your REST application configuration.

I would use Angular to store / handle the cookies, because REST is (and should be) stateless.
"Less noise - more signal"
0

#3 User is offline   Solid 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 69
  • Joined: 29-December 12
  • Location:Kristiansand, Norway

Posted 19 October 2017 - 08:28 AM

Its still stateless when using a JWT token, its just safer storage in cookies.

I have not set any rest-specific config settings other than url rules. And I've tried turning sessions back on in the user-config ('enableSession' => true). Do you know if cookies are disabled by default in rest controllers?

EDIT:

for clarity, I'm testing all endpoints in POSTman and I have a backend HTML-based application as well (working with regular sessions and cookies out-of-the-box).
0

#4 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 3,694
  • Joined: 10-October 10
  • Location:Denmark

Posted 19 October 2017 - 09:56 AM

I am not using cookies (yet), but I have this in my config:

    	'request'          	=> [
        	'parsers' => [
            	'application/json' => 'yii\web\JsonParser',
        	],
        	'enableCookieValidation' => false,
        	'enableCsrfValidation'   => false,
    	],

"Less noise - more signal"
0

#5 User is offline   Solid 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 69
  • Joined: 29-December 12
  • Location:Kristiansand, Norway

Posted 23 October 2017 - 06:41 AM

I've played around with the config settings you've posted, but no luck.
The controller in question extends \yii\web\Controller, but uses Response::FORMAT_JSON.

The following code will return the cookie inside `debug`, but the cookie is still not sent in the request headers (Again, in POSTman).

\Yii::$app->response->cookies->add(new Cookie([
    'name' => 'token',
    'value'=> $token->__toString()
]));
$response->data['debug'] = \Yii::$app->response->cookies;


Any other ideas?
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users