大猩猩会话不适用于客户的CORS

我已经设置了Go rest api.并在登录时执行此操作:

I have set up a Go rest api. And on login I do this:

session, _ := store.New(r, sessionId)
session.Options.MaxAge = 12 * 3600
err := session.Save(r, w)
//treat error

为了检查会话，我有这样的提示:

and for checking the session i have smth like this:

    session, err := store.Get(r, sessionId)
    //treat error
    if session.IsNew {
        http.Error(w, "Unauthorized session.", http.StatusUnauthorized)
        return
    }

如果我执行邮递员的请求，效果很好，但是当我从客户那里收到请求时，我会得到401.你们中有人遇到过类似的事情吗?该商店是一个CookieStore.

If I do the requests from postman it works fine, but when I do them from my client I get 401. Has any of you experienced something like this? The store is a CookieStore.

我已经检查了ID，我用静态字符串替换了sessionId变量.大猩猩会话使用大猩猩上下文注册一个新请求，当我从邮递员 context.data [r] 发送请求时，该请求不为空，但从客户端开始，该请求始终为空->始终为一个新会话.

I already checked the id's, I replaced sessionId variable with a static string. Gorilla session uses gorilla context to register a new request and when I do the request from postman context.data[r] is not null, but from the client it is always null -> always a new session.

https://github.com/gorilla/context/blob/master/context.go -第33行

它被称为

https://github.com/gorilla/sessions/blob/master/sessions.go -第122行

wich用于CookieStore.Get函数中，

wich is used in the CookieStore.Get function in

https://github.com/gorilla/sessions/blob/master/store.go -第77行

对于客户端，我使用Polymer，我也尝试了xmlhttp.聚合物:

EDIT 1: For the client I use polymer and I tried xmlhttp too. Polymer:

<iron-ajax
  id="ajaxRequest"
  auto
  url="{{requestUrl}}"
  headers="{{requestHeaders}}"
  handle-as="json"
  on-response="onResponse"
  on-error="onError"
  content-type="application/json"
  >
</iron-ajax>

和处理程序

  onResponse: function(response){
    console.log(response.detail.response);
    this.items = response.detail.response
  },
  onError: function(error){
    console.log(error.detail)
  },
  ready: function(){
    this.requestUrl = "http://localhost:8080/api/fingerprint/company/" + getCookie("companyId");
    this.requestHeaders = {"Set-cookie": getCookie("api_token")}
  }

并且cookie成功到达了后端.

and the cookie successfully reaches the backend.

和xmlhttp:

  var xmlhttp = new XMLHttpRequest();
  xmlhttp.onreadystatechange = function() {
    if (xmlhttp.readyState == XMLHttpRequest.DONE ) {
      if(xmlhttp.status == 200){
        //do stuff
      }else if(xmlhttp.status == 401){
        page.redirect("/unauthorized")
      }else{
        page.redirect("/error")
      }
    }
  }

  xmlhttp.open("GET","http://localhost:8080/api/fingerprint/company/" + getCookie("companyId"),true);
  xmlhttp.setRequestHeader("Set-cookie", getCookie("api_token"));
  xmlhttp.send();

因此，我尝试使用fiddler进行调试(感谢您的建议)，结果发现邮递员的请求的粗体条目为 Cookies/Login ，而客户端的请求则没有.知道如何获取/设置该值吗?它以某种方式在Postman中自动设置.在身份验证请求中，我得到一个set-cookie标头，其中包含我需要的所有数据，但无法在客户端上获取.我得到拒绝获取不安全的标头集cookie .

So I tried debugging with fiddler(thanks for the suggestion) and i found out that the request from postman has an bold entry Cookies / Login and the request from the client does not. Any idea how to get/set that value? It is somehow automatically set in Postman. In the authentication request I get a set-cookie header that has all the data that I need but I can't get it on the client. I get Refused to get unsafe header set-cookie.