Hello guys, I made a PHP API and I am testing it with Postman. When you log in, the API sends you a cookie that contains a token (JWT), and then you can perform other actions. Everything is working fine in Postman and I can see the cookie, but when I made the client side and logged in, the cookie does not exist. I don't know why.
What I have tried:
<?php
// CORS response headers; 'domain' stands for the origin of the client-side page.
header('Access-Control-Allow-Origin: domain');
header('Access-Control-Allow-Credentials: true');
header('Content-Type: application/json');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: Access-Control-Allow-Headers,Content-Type,Access-Control-Allow-Methods, Authorization, X-Requested-With');

require_once "../../index.php";

$admin_model = new Admin();
$admin_data = $admin_model->read_admin()[0];

// Decode the JSON request body; json_decode() returns null when it is not valid JSON.
$raw_data = json_decode(file_get_contents("php://input"), true);
$username = is_array($raw_data) ? ($raw_data["username"] ?? null) : null;
$password = is_array($raw_data) ? ($raw_data["password"] ?? null) : null;

// Accept only string credentials and compare them strictly and in constant time;
// a loose == would also accept non-string JSON values.
if (is_string($username) && is_string($password)
    && hash_equals((string) $admin_data["username"], $username)
    && hash_equals((string) $admin_data["password"], $password)) {
    // Build a token that is valid for one minute.
    $new_token = JWT::sign([
        "algo" => "sha256",
        "typ" => "jwt",
    ], [
        "admin" => true,
        "iat" => date("Y-m-d H:i:s"),
        "exp" => date("Y-m-d H:i:s", strtotime("+1 minutes", strtotime(date("Y-m-d H:i:s")))),
    ], SECRET);

    // Issue a new cookie when none was sent or the one sent no longer verifies.
    if (!isset($_COOKIE["token"]) || !JWT::verify($_COOKIE["token"], SECRET)) {
        setcookie("token", $new_token, time() + 60, "/");
        echo json_encode(["message" => "New token generated!", "data" => [], "logged" => true]);
        exit();
    }

    echo json_encode(["message" => "Success!", "data" => [], "logged" => true]);
} else {
    echo json_encode(["message" => "Error!", "data" => [], "logged" => false]);
}
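
Postman does not apply the browser's CORS and SameSite rules, so a cookie it shows can still be discarded by a browser. As an added example that is not part of the original post, the function below lists which of those browser conditions a request/response pair fails; the function name, the `crossSite` flag and the `app.example` / `api.example` origins are assumptions made for illustration.

```javascript
// Added example, not code from the original post. Sample values are constructed.
// Lists the unmet conditions for a browser to keep the Set-Cookie of a cross-origin
// fetch()/XMLHttpRequest response. Assumption: the caller states whether the two
// origins are also cross-site (browsers derive this from the Public Suffix List).
function cookieBlockers({ pageOrigin, apiOrigin, crossSite, credentials = 'same-origin', headers }) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const crossOrigin = pageOrigin !== apiOrigin;
  const problems = [];

  // fetch() defaults to credentials: 'same-origin', so a cross-origin response
  // cannot set cookies unless the request opted in with 'include'
  // (xhr.withCredentials = true is the XMLHttpRequest equivalent).
  if (credentials === 'omit' || (crossOrigin && credentials !== 'include')) {
    problems.push('credentials-mode');
  }
  if (crossOrigin) {
    // Credentialed CORS needs the exact requesting origin, never '*'.
    if (h['access-control-allow-origin'] !== pageOrigin) problems.push('allow-origin');
    if (h['access-control-allow-credentials'] !== 'true') problems.push('allow-credentials');
  }

  // Cookie attributes follow the first "name=value" pair.
  const attrs = (h['set-cookie'] || '').split(';').slice(1)
    .map((a) => a.trim().toLowerCase());
  const sameSite = (attrs.find((a) => a.startsWith('samesite=')) || '').slice(9);
  const secure = attrs.includes('secure');
  // Cross-site responses may only set SameSite=None cookies; a cookie with no
  // SameSite attribute is treated as Lax by Chromium-based browsers.
  if (crossSite && sameSite !== 'none') problems.push('samesite');
  // SameSite=None is only accepted together with Secure.
  if (sameSite === 'none' && !secure) problems.push('secure');
  return problems;
}

// Constructed sample: the headers the posted script would send, with a plain fetch().
const postSetup = cookieBlockers({
  pageOrigin: 'https://app.example', apiOrigin: 'https://api.example', crossSite: true,
  headers: {
    'Access-Control-Allow-Origin': 'https://app.example',
    'Access-Control-Allow-Credentials': 'true',
    'Set-Cookie': 'token=constructed.jwt.value; Max-Age=60; path=/',
  },
});
console.log(postSetup);
```

An empty result means none of the modelled conditions is violated; browser settings that block third-party cookies altogether are outside what this check models.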