I have an API server on localhost:3000, running a client based on vue/webpack template on localhost:8080. The API server uses express-session to send back a header set-cookie: connect.sid=...
. This then sent on future requests to verify the session. This works fine when testing the API via Postman: send a login request with credentials, then an API request to confirm the session.
However, on the Vue.js client, using Vue-Resource, I make a request and see the header set in the response but most of the time it does not seem to be set in the client when checking via Chrome dev tools Application > Cookies > localhost:8080
I've seen it there sometimes and since it's working in Postman I guess I'm doing something wrong. I'm sending a pretty standard request: this.$http.post(
http://localhost:3000/auth/login`, creds).then((res) => { ... }). Doing
res.headers.get('set-cookie')` results in null which is consistent but confusing.
What else can I do to figure out what's going on? Behavior consistent across browsers but not in Postman, so it seems likely some sort of client bug
Edit: The set-cookie is lowercase and I see this bug filed which might be related: https://github.com/pagekit/vue-resource/issues/317