spira#66

fix saving new cookie after token refresh
update readme

README.md

@@ -198,6 +198,25 @@ namespace app.guest.login {
 }
 ```
 
+## Cookies
+
+Cookies are helpful for adding the authentication token to external, non angular, requests to an API.  For example, if
+you have an `<img>` tag that references a dynamic image on the API that requires authentication.  The browser can add
+the token in a cookie when making the image request.
+
+To enable cookies set `config.cookie.enabled = true`.
+
+You can optionally allow the cookie to be used for requests on other subdomains.  This is useful if your webapp is on
+one subdomain but your API is on a different subdomain.
+
+angular-jwt-auth can automatically find the top level domain (like `example.com`) or you can provide a specific domain
+name.  Note that your domain must be the top level domain (or a subdomain) of the location in the browser URL.
+
+To enable automatic top level domain detection set `config.cookie.topLevelDomain = true`.
+
+To set a specific top level domain name set `config.cookie.topLevelDomainName = "your.domain.name"`
+
+
 ## Todo
 * Better documentation with examples in typescript.
 * Site hosted on github showing off examples with material

src/ngJwtAuthInterfaces.ts

@@ -10,6 +10,7 @@ export interface ICookieConfig {
     enabled:boolean;
     name?:string;
     topLevelDomain?:boolean;
+    topLevelDomainName?:string;
 }
 
 export interface INgJwtAuthServiceConfig {

src/provider/ngJwtAuthServiceProvider.ts

@@ -56,6 +56,7 @@ export class NgJwtAuthServiceProvider implements ng.IServiceProvider {
                 enabled: false,
                 name: 'ngJwtAuthToken',
                 topLevelDomain: false,
+                topLevelDomainName: null,
             }
         };
 

src/service/ngJwtAuthService.ts

@@ -29,8 +29,6 @@ export class NgJwtAuthService {
     private refreshTimerPromise:ng.IPromise<any>;
     private tokenData:IJwtToken;
 
-    private topLevelDomainName:string;
-
     //public properties
     public user:IUser;
     public loggedIn:boolean = false;
@@ -412,8 +410,8 @@ export class NgJwtAuthService {
 
         if (this.config.cookie.enabled) {
             let options = undefined;
-            if (this.topLevelDomainName) {
-                options = {domain: this.topLevelDomainName}
+            if (this.config.cookie.topLevelDomainName) {
+                options = {domain: this.config.cookie.topLevelDomainName}
             }
             this.$cookies.remove(this.config.cookie.name, options);
         }
@@ -578,8 +576,12 @@ export class NgJwtAuthService {
         let cookieKey = this.config.cookie.name,
             expires = new Date(tokenData.data.exp * 1000); //set the cookie expiry to the same as the jwt
 
-        if (this.config.cookie.topLevelDomain) {
-
+        if (this.config.cookie.topLevelDomainName) {
+            this.$cookies.put(cookieKey, rawToken, {
+                domain: this.config.cookie.topLevelDomainName,
+                expires: expires,
+            });
+        } else if (this.config.cookie.topLevelDomain) {
             let hostnameParts = this.$location.host().split('.');
             let segmentCount = 1;
             let testHostname = '';
@@ -593,9 +595,7 @@ export class NgJwtAuthService {
                 });
 
                 if (this.$cookies.get(cookieKey)) { //saving the cookie worked, it must be the top level domain
-                    if (testHostname && !this.topLevelDomainName) {
-                        this.topLevelDomainName = testHostname
-                    }
+                    this.config.cookie.topLevelDomainName = testHostname;
                     return; //so exit here
                 }