Quick note about the new fetch() API
Fri, Jun 24, 2016If you’re running into a problem where the server is properly returning a Set-Cookie header, but subsequent requests from your browser aren’t sending them (either via the fetch() API or through normal requests), I have the answer!
Your call to fetch() must have the following configuration option:
credentials: 'same-origin'
. The documentation states that this
option is required for the fetch() API to send cookies, but it is also
required for the browser to accept cookies returned from the
server. Lesson learned the hard way.