front end
$.ajax({ url : 'http://remote.domain.com/corsrequest', data : data, dataType: ' json', type : 'POST', xhrFields: { withCredentials: true }, crossDomain: true, contentType: “application/ json", }) By setting withCredentials: true, when sending Ajax, Cookie information will be included in the Request header.
Backstage
Corresponding to the client's xhrFields.withCredentials: true parameter, the server runs the client's certificate-based access by setting Access-Control-Allow-Credentials = true in the response header. By setting the Credentials parameter, you can maintain cookies during cross-domain Ajax. What needs to be noted here is:
When server-side Access-Control-Allow-Credentials = true, the value of parameter Access-Control-Allow-Origin cannot be ‘*’.