Does Cookie work in Ajax Request and Response? - ajax

We have a Node.js application that invokes a Spring controller. For a PoC purpose, I am creating the cookie in the Spring controller before returning the JSON response to the Node.js application.
Cookie cookie = new Cookie("myCookie", "myCookieValue");
response.addCookie(cookie);
I had my Firebug console open to see if the cookies created on the server side were visible but, unfortunately, I did not see them.
Also, on the 2nd submit, I tried reading the cookies using request.getCookies(), but this is also giving me NULL.
Are the cookies not being received by the browser because it is an Ajax/JSON request-response?

Related

How to get session cookies from response using Ext.Ajax.request ExtJS 6.2

I am trying to log in to a service using Ext.Ajax.request (ExtJS Version 6.2) by sending user id and password. A session cookie .ASPXAUTH is returned back in the response. I want to know about a way to get this cookie value, store it at client side and use it for further Ajax calls.
Assuming that the "cookie" is returned in the Set-Cookie HTTP response header, you don't need any additional steps to set it or "store it at the client side". As for getting its value, you can use the Ext.util.Cookies.get("cookieName") method.

Spring Security handles sessions through JSESSIONID. But what happens with AJAX requests: do they contain session information (i.e. JSESSIONID)?

When using Spring Security: after a user is authenticated, subsequent requests are validated using the JSESSIONID header field (cookie field) by Spring Security filters.
So, on subsequent requests, if I am submitting a form or making a resource request, the browser would automatically include the JSESSIONID, and on the server side the JSESSIONID would be validated by the Spring Security filter, and if everything's fine then the form would be accepted or the request would be served.
But after authentication, if the JSP or the front-end pages have an AJAX (or jQuery or dojo) request to be made to the server, what would happen? What I am not sure of is: will the browser include the JSESSIONID header field even with an AJAX request?
Yes. The JSESSIONID is automatically passed along in AJAX requests.
As long as the domain of the JSESSIONID cookie matches the domain of the AJAX request, then this will be handled automatically.

jsessionID not kept between jmeter http requests

I'm trying to do a simple load-test in a website which requires you to log in first.
I read the JMeter documentation about the cookie manager, and it looks like as long as I make all my requests within the same thread group where the cookie manager is, the session ID is shared among the HTTP requests, but that is not my case.
The simple structure I have is:
Thread Group
    HTTP Cookie Manager
    HTTP Requests Defaults
    Simple Controller
        http request // POST method to authenticate in the site (this works fine, I get a session id)
        http request // GET method (this one should use the same session id from the previous http requests but I get a new one instead)
I did this same web page flow in Firefox using Firebug to see the requests/responses, and the session id is the same; the server doesn't send a new one, so it looks like the cookie manager is not keeping the same session id and using it for all the requests.
Can someone point me in the right direction? What am I doing wrong?
Check that the GET request sends the same jsessionid cookie in the request as the one returned in the previous response.
If that's the case, then check that your login was fine, as it is probably the root cause of the issue.

Can an AJAX response set a cookie?

Can an AJAX response set a cookie? If not, what is my alternative solution? Should I set it with Javascript or something similar?
According to the w3 spec section 4.6.3 for XMLHttpRequest a user agent should honor the Set-Cookie header. So the answer is yes you should be able to.
Quotation:
"If the user agent supports HTTP State Management it should persist, discard and send cookies (as received in the Set-Cookie response header, and sent in the Cookie header) as applicable."
Yes, you can set a cookie in the AJAX request in the server-side code just as you'd do for a normal request, since the server cannot differentiate between a normal request and an AJAX request.
AJAX requests are just a special way of making a request to the server; the server will need to respond as it would to any HTTP request. In the response to the request you can add cookies.
For the record, be advised that all of the above is (still) true only if the AJAX call is made on the same domain. If you're looking into setting cookies on another domain using AJAX, you're opening a totally different can of worms. Reading cross-domain cookies does work, however (or at least the server serves them; whether your client's UA allows your code to access them is, again, a different topic; as of 2014 they do).
Also check that your server isn't setting secure cookies on a non http request. Just found out that my ajax request was getting a php session with "secure" set. Because I was not on https it was not sending back the session cookie and my session was getting reset on each ajax request.
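The rules behind the answers above (the cookie's domain must match the request's host, and a Secure cookie is withheld from plain-HTTP requests), as an added example that is not part of the original posts. It is a simplified model of RFC 6265 matching, not a browser implementation; the hosts and cookie values are constructed, and SameSite and cross-origin credential settings are left out.

```javascript
// Simplified RFC 6265 cookie matching (added example; hosts and values are constructed).
function parseSetCookie(header, responseUrl) {
  const origin = new URL(responseUrl);
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const dir = origin.pathname.slice(0, origin.pathname.lastIndexOf('/'));
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: origin.hostname, hostOnly: true, // no Domain attribute: exact host only
    path: dir || '/',                        // default path: directory of the response URL
    secure: false, httpOnly: false,
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim());
    const k = key.toLowerCase();
    if (k === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
    } else if (k === 'path' && val.startsWith('/')) cookie.path = val;
    else if (k === 'secure') cookie.secure = true;
    else if (k === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

// Do the cookie's own attributes allow it on a request (page load or AJAX) to requestUrl?
function sentWith(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const host = url.hostname;
  const p = url.pathname;
  const domainOk = host === cookie.domain ||
    (!cookie.hostOnly && host.endsWith('.' + cookie.domain));
  const pathOk = p === cookie.path || (p.startsWith(cookie.path) &&
    (cookie.path.endsWith('/') || p[cookie.path.length] === '/'));
  const schemeOk = !cookie.secure || url.protocol === 'https:';
  return domainOk && pathOk && schemeOk;
}

// HttpOnly cookies are still sent with requests but are hidden from document.cookie.
const visibleToScript = (cookie) => !cookie.httpOnly;

// Constructed session cookie, as set by a login response over HTTPS.
const session = parseSetCookie('JSESSIONID=abc123; Path=/app; Secure; HttpOnly',
  'https://shop.example.test/app/login');
console.log(sentWith(session, 'https://shop.example.test/app/api/cart'));
console.log(sentWith(session, 'http://shop.example.test/app/api/cart'));
console.log(sentWith(session, 'https://api.example.test/app/api/cart'));
console.log(visibleToScript(session));
```

A cookie that fails `visibleToScript` cannot be read by client-side helpers that go through `document.cookie`, even though the browser still attaches it to matching requests.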

When using AJAX should you do everything through AJAX or is it OK to use headers too?

I know when you request a page normally it is typically the case that you would use server side session data and set cookies via HTTP headers, but does it work the same when the content is requested via AJAX?
An AJAX request contains the same request/response information as a traditional HTTP request. You can set cookies on the client once the async callback is executed, etc.
