Skip to main content

Why jquery ajax not sending session cookie

Image
By User


I am getting logged out when I send request by ajax in a login session. I check headers sent by FireBug and show there was not cookie



Source: Tips4allCCNA FINAL EXAM
Labels:

Comments

  1. UserMay 13, 2012 at 8:30 AM

    AJAX calls only send Cookies if the url you're calling is on the same domain as your calling script.

    This may be a Cross Domain Problem.

    Maybe you tried to call a url from www.domain-a.com while your calling script was on www.domain-b.com (In other words: You made a Cross Domain Call in which case the browser won't sent any cookies to protect your privacy).

    In this case your options are:


    Write a small proxy which resides on domain-b and forwards your requests to domain-a. Your browser will allow you to call the proxy because it's on the same server as the calling script.This proxy then can be configured by you to accept a cookie name and value parameter which it can send to domain-a. But for this to work you need to know the cookie's name and value your server on domain-a wants for authentication.
    If you're fetching JSON objects try to use a JSONP request instead. jQuery supports these. But you need to alter your service on domain-a so that it returns valid JSONP responds.


    Glad if that helped even a little bit.

    ReplyDelete
  2. UserMay 13, 2012 at 8:30 AM

    I am operating in cross-domain scenario. During login remote server is returning Set-Cookie header along with Allow-Access-Control-Credentials set to true.

    The next ajax call to remote server should use this cookie.

    CORS's Access-Control-Allow-Credentials is there to allow cross-domain logging. Check https://developer.mozilla.org/En/HTTP_access_control for examples.

    For me it seems like a bug in JQuery (or at least feature-to-be in next version).

    UPDATE:
    1) Cookies are not set automatically from AJAX response (citation: http://aleembawany.com/2006/11/14/anatomy-of-a-well-designed-ajax-login-experience/)

    Why?

    2) You cannot get value of the cookie from response to set it manually (http://www.w3.org/TR/XMLHttpRequest/#dom-xmlhttprequest-getresponseheader)

    I'm confused..

    There should exist a way to ask jquery.ajax() to set XMLHttpRequest.withCredentials = "true" parameter.

    ANSWER:
    You should use xhrFields param of http://api.jquery.com/jQuery.ajax/

    The example in the documentation is:

    $.ajax({
    url: a_cross_domain_url,
    xhrFields: {
    withCredentials: true
    }
    });

    ReplyDelete

Post a Comment

Popular posts from this blog

Slow Android emulator

By User
I have a 2.67 GHz Celeron processor, 1.21 GB of RAM on a x86 Windows XP Professional machine. My understanding is that the Android emulator should start fairly quickly on such a machine, but for me it does not. I have followed all instructions in setting up the IDE, SDKs, JDKs and such and have had some success in staring the emulator quickly but is very particulary. How can I, if possible, fix this problem?
30 comments
Read more