Browsers are not setting cookies although I have Set-Cookie in response

Question

I have an api endpoint for static S3 hosted site. The S3 site lives on the domain name: www.mysite.com

My api (django) runs on the site the domain name: api.mysite.com

When I use my login button on my site and sign in using proper username/password django sends back response with a Set-Cookie but the browser doesn't set any cookies. You can see the full response below,

Request URL:http://api.mysite.com:8000/api/form/login/
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Content-Length:46
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:api.mysite.com:8000
Origin:http://mysite.com
Pragma:no-cache
Referer:http://mysite.com/eventform.html
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Ubuntu Chromium/25.0.1364.160 Chrome/25.0.1364.160 Safari/537.22
Form Dataview sourceview URL encoded
token:68f4ebd02c0e1915d3e3110a04fccb0ab670aeab
Response Headersview source
Access-Control-Allow-Origin:*
Content-Type:text/html; charset=utf-8
Date:Mon, 13 May 2013 22:21:54 GMT
Server:WSGIServer/0.1 Python/2.7.3
Set-Cookie:sessionid=3kn2hovtweeofalf00ld3lowb6yvete; Domain=.mysite.com; expires=Mon, 27-May-2013 22:21:54 GMT; Max-Age=1209600; Path=/
Vary:Cookie

note the line Set-Cookie:sessionid=3kn2hovtweeofalf00ld3lowb6yvete; Domain=.mysite.com; expires=Mon, 27-May-2013 22:21:54 GMT; Max-Age=1209600; Path Set-Cookie:sessionid=3kn2hovtweeofalf00ld3lowb6yvete; Domain=.mysite.com; expires=Mon, 27-May-2013 22:21:54 GMT; Max-Age=1209600; Path Set-Cookie:sessionid=3kn2hovtweeofalf00ld3lowb6yvete; Domain=.mysite.com; expires=Mon, 27-May-2013 22:21:54 GMT; Max-Age=1209600; Path =/

In Django I have the SESSION_COOKIE_DOMAIN = '.mysite.com'

but I've tried changing it to 'mysite.com' and '' neither of which has allowed my browser to set this returned cookie.

www.msyite.com is a static site hosted on Amazon S3 but I'm using Django as my api/backend for data.

When I render my login pages using Django they work just fine (login/logout cookies and sessions all work fine, so I know it's not my django code) but when using S3 or even a python SimpleHTTPServer the browser doesn't set the returned cookie.

Thanks in advance!

Answer 1

AFAIK the purpose of a static S3 site is to not set/accept any cookies at all?

We're using that for static content like images in order to get rid of all that cookie stuff and not have the overload in the request during image or CSS requests.

And: S3 is not a usual web server, it behaves very different, RTM is highly recommended. It's weired, true, but the answer I distilled from this thread Can S3 set a user cookie? is just "No."