cookies not being sent over the server

I have a backbone app (residing on that takes code sends it to the django server ( that exchanges the code for an access token (simple oauth exchange). I am using Chrome/49.0.2623.87.

The sends a cookie back to the client ( during the auth stage, but this cookie never gets sent back again on future requests. I do not think it is a cross domain cookie issue or a browser unable to set a cookie on a 302 redirect.

I would like to know why the cookie is not be sent to the server on subsequent requests.

Here are some details:

Step 1: Request Header.. Authentication Phase Request: Sending the Oauth 'code' from to the to get the access token. This request is through ajax. The cookie you see here may be from a previous request, but do not care at this point really

GET /fbauth/?code=fb_code_long_string&state=%7B%22client_id%22%3A34343642979%2C%22network%22%3A%22facebook%22%2
Cookie: csrftoken=1MTginTGXLHAku5LMHAMLLTrQEX2M4jj; sessionid=igc8a7vidgbi8rzxgm7whgb5rh8uqxa9`

Step 2: Response Header.. Authentication Phase Response [ responds with 302 and gets redirected to and sets cookie]

HTTP/1.0 302 FOUND
Server: WSGIServer/0.1 Python/2.7.10
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Set-Cookie: csrftoken=g0BEHLD0HAH4vBQLQFpKOEn2andrYMhG; expires=Tue, 14-Mar-2017 22:00:16 GMT; Max-Age=31449600; Path=/
Set-Cookie: sessionid=igc8a7vidgbi8rzxgm7whgb5rh8uqxa9; expires=Tue, 29-Mar-2016 22:00:16 GMT; httponly; Max-Age=1209600; Path=/

Step 3: Later, js from sends a requests to No cookie is sent

GET /posts/gcc-speaker-training-on-april-25 HTTP/1.1
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
Authorization: Basic facebook:CAAEdTwh7fCMBAMEr6wC3ajZANVnZBMPenjseiNShjcXOJJ0PbiJ0GFXI7lSjzkP
DNT: 1


There were a few things I had to do to get this working.

It turns out that I was doing cross domain requests, and here is how I solved it:

1 : Ensure the server serving your pages has the Access-Control-Allow-Origin set.. I was using the http-server and did the following:

`http-server . --cors`

2 : I did the following for the ajax call

$.ajax('', {
    type: "GET",
    contentType: "application/json; charset=utf-8",
    success: function(data, status, xhr) {
      // do something;
    error: function(jqxhr, textStatus, errorThrown) {
    console.log("cannot get orgs");
    xhrFields: {
    withCredentials: true
    crossDomain: true

Note the xhrFields and crossDomain.

3: I did the following in django



I think the last bit was important so that the browser can send the cookie.. So perhaps not cross domain, but cross sub-domain.

Need Your Help

cant recieved log object on socket io?

java netty slf4j logback

I have configured logs on socket. I want to read log object(configured on socket) on when I execute log-program, socket-io received request but throw following exception.

Android: Why doesn't my second TextView show up, while the first one does?

java android

i added a second TextView and it is supposed to be beneath the first TextView but now the first TextView is working but the second one isn't showing up.