Hi Justin,
I'm afraid I don't understand your question.
- What do you mean by front-end? The SPA?
- Isn't the concept of a SPA not to have full page refreshes?
I'll elaborate a little on how it works:
- The SPA (CDN), index.html, and the API = the BFF
- This means everything is on the same domain, e.g. there's www.yoursite.com/index.html, www.yoursite.com/dist/minified-spa.js, www.yoursite.com/api/{*}
- The SPA does not "grab" an access token from the cookie; the cookie is for the site to maintain the HTTP session only
- The SPA posts to relative URLs, e.g. /api/foo/bar?yada=ya. Consequently, these requests will include the session cookies. This is how ASP.NET knows to which session the HTTP request belongs
Consequently,
- The cookie is an ASP.NET Core HTTP session cookie; we only use standard ASP.NET Core HTTP sessions, nothing funky...
- Refreshing or switching pages does not impact the validity of the cookie.
Hope this answers your question? If not, can you please provide some more context?
Best,
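
Added example, not part of the original reply or the poster's project: a minimal ASP.NET Core `Program.cs` sketching the same-origin layout described above, with static SPA files and `/api/*` served by one host and a standard session cookie tying requests to server-side state. The cookie name, the `/api/login` endpoint, the `access_token` session key, and the idea that the token is kept in the session are assumptions made for illustration.

```csharp
// Program.cs (ASP.NET Core minimal hosting, .NET 6 or later, Web SDK implicit usings)
var builder = WebApplication.CreateBuilder(args);

// Standard ASP.NET Core sessions: state lives on the server,
// the browser only holds an opaque session id cookie.
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession(options =>
{
    options.Cookie.Name = ".Example.Session";                 // constructed name
    options.Cookie.HttpOnly = true;                           // not readable from SPA JavaScript
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;  // sent over HTTPS only
    options.Cookie.SameSite = SameSiteMode.Lax;               // not attached to cross-site POSTs
    options.IdleTimeout = TimeSpan.FromMinutes(20);
});

var app = builder.Build();

// Same origin for everything: wwwroot/index.html and wwwroot/dist/minified-spa.js
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseSession();

// Hypothetical login endpoint: whatever token the backend obtains is stored
// in the server-side session and is never handed to the browser.
app.MapPost("/api/login", (HttpContext ctx) =>
{
    ctx.Session.SetString("access_token", "constructed-placeholder-token");
    return Results.NoContent();
});

// The SPA calls this with a relative URL, e.g. fetch("/api/foo/bar?yada=ya").
// The browser attaches the session cookie automatically because the request
// is same-origin; the handler resolves the session from it.
app.MapGet("/api/foo/bar", (HttpContext ctx, string? yada) =>
{
    var token = ctx.Session.GetString("access_token");
    if (token is null)
    {
        return Results.Unauthorized();   // no session state for this cookie
    }
    // A real backend would attach `token` to its downstream call here.
    return Results.Ok(new { yada, authenticated = true });
});

app.Run();
```

Because the API authenticates by cookie, state-changing endpoints also need CSRF protection in addition to the `SameSite` setting.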