Icon View Thread

The following is the text of the current message along with any replies.
Messages 11 to 20 of 21 total
Thread Sessions
Fri, Aug 7 2015 10:38 AMPermanent Link

squiffy

Telemix Ltd.

Avatar

One of my posts got lost (must have not clicked post) -
Here's a sample response header set from the server. Will see what else I can glean as well.

Access-Control-Allow-Orig...   
*
Content-Length   
20
Expires   
Thu, 01 Jan 1970 00:00:00 GMT
Server   
Jetty(9.1.z-SNAPSHOT)
Set-Cookie   
JSESSIONID=14nfz0q3lrlhzmo5awcf9ff0y;Path=/
Fri, Aug 7 2015 1:32 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Well, it's definitely something I'm doing as it fails to save the session from the same server using a client written in NSBasic as well.

What threw me was the fact that the EWB app works fine when run in the IDE, so it obviously does something differently or reacts differently to all my external browsers.

Tim - any idea what that might be to give me a clue as to what to look for on my side? Scratching my head on this one.

Thanks.
Fri, Aug 7 2015 1:53 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

squiffy wrote:

<< Here's a sample response header set from the server. Will see what else I can glean as well. >>

Yeah, the web server application is trying to set the session ID as a cookie in the response headers.  Of course, with AJAX (TServerRequest), you cannot deal with cookies, hence the problem. In fact, you can't even retrieve the Set-Cookie header with AJAX:

http://stackoverflow.com/questions/12840410/how-to-get-a-cookie-from-an-ajax-response

Tim Young
Elevate Software
www.elevatesoft.com
Fri, Aug 7 2015 1:54 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Ok, this is to do with cross domain scripting, but not in the way I thought. Whilst allowing it does permit the Ajax call to work it appears you can't set cookies this way.

Don't fully understand this yet, so still reading, but if anyone "knows" and could point in the right direction .....

thanks.,
Fri, Aug 7 2015 1:55 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Tim - our posts just crossed. Just came to the same conclusion.

Pain for testing. Ah well.
Fri, Aug 7 2015 2:03 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

squiffy wrote:

<< Tim - our posts just crossed. Just came to the same conclusion.

Pain for testing. Ah well. >>

Do they have an API that you can use that doesn't rely on cookies ?  Any "normal" http header in the response will be something that you can easily extract.

Tim Young
Elevate Software
www.elevatesoft.com
Fri, Aug 7 2015 2:21 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Ok, just deployed the EWB app to the web server and all is well.

So the issue is AJAX & CORS combined (here's another SO Q&A which backs it up : http://stackoverflow.com/questions/2870371/why-is-jquerys-ajax-method-not-sending-my-session-cookie).

The browser doesn't send the cookie back to the server (except for the one in the IDE, which does *appear* to).

Tim - the API is mine so I can do whatever I like with it. Just so used to doing it with session cookies that I couldn't understand why it was failing this time. Of course, normally I develop directly on the webserver using Netbeans (remote PHP), so my "deployment" is in line with the execution. No CORS issues with that.

Next question - feature request. Please can you add SCP deployment options? At the moment I need to deploy locally then SCP the files to the server. Hardly a deal breaker but definitely a pain in the horizontal gluteal crease by the 15,000th deploy....
Fri, Aug 7 2015 2:59 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Actually, all is not well because my API server runs on a different port to the web server. So even if they are on the same box I get CORS issues (my test above was to a quick PHP mock up which worked).

Tim - can I set the xmlHttpRequest's "withCredentials" option, as per this : http://www.html5rocks.com/en/tutorials/cors/

I tried setting it as a header like this :
ServerRequest1.RequestHeaders.Add('withCredentials: true');

but that just caused more problems (it complained about CORS again).

it looks like if I set the
"Access-Control-Allow-Credentials" to "true" on the server and set this withCredentials option on the client, it should send cookies XDomain. Well, should is a bit string - might is probably better.

Thanks all.
Mon, Aug 10 2015 10:16 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

squiffy,

<< Next question - feature request. Please can you add SCP deployment options? >>

I'll look into it, but it's not high on the list.

<< At the moment I need to deploy locally then SCP the files to the server. Hardly a deal breaker but definitely a pain in the horizontal gluteal crease by the 15,000th deploy.... >>

Do you not have a secure FTP server you can use ?

Tim Young
Elevate Software
www.elevatesoft.com
Mon, Aug 10 2015 10:19 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

squiffy,

<< Tim - can I set the xmlHttpRequest's "withCredentials" option, as per this : http://www.html5rocks.com/en/tutorials/cors/ >>

No, EWB 2 targets IE9 and higher, and that property isn't supported in IE9.

Tim Young
Elevate Software
www.elevatesoft.com
« Previous PagePage 2 of 3Next Page »
Jump to Page:  1 2 3
Image