CORS $.ajax session cookies (access-control-allow-credentials & withCredentials=true)

Question

I realize this question has been asked a dozen or more times and each response given indicates I am doing it right but perhaps I am missing something.

AJAX serves up

Answer 1

In your example above, you are setting the Access-Control-Allow-Origin header to 'http://someotherdomain.com', which is the same as the url you are requesting from JQuery. The Access-Control-Allow-Origin header should be the value of the domain the request is coming from. As a quick, test, try setting the value of this header to '*' (without the quotes) and see if it works ('*' means all domains are allowed).