I know when you request a page normally it is typically the case that you would use server side session data and set cookies via HTTP headers, but does it work the same when the content is requested via AJAX?
An AJAX request contains the same request/response information as a traditional HTTP request. You can set cookies on the client once the async callback is executed, etc.
Related
How does browser send back cookie to the server during post requests. How is this different than the form data that is sent during a post ?
Also are the values of cookies for a particular domain automatically sent back to the domain for all its subsequent requests ?
Thanks,
Murtaza
There is no different between how cookies are sent for GET and POST requests.
Form data is data such as fields from an HTML Form, eg. name, username, file, etc...
Any cookies sent back in a response from a domain will be sent back to the server in subsequent requests. This is true in web browsers at least, if you are doing this in code, you might have to write additional code to handle cookies.
This should work for AJAX calls made by your browser as well as full pages. Every request, be it full pages, images or AJAX calls will have the Cookies attached if they are going to an appropriate domain and path.
These primers on cookies and HTTP POST would be useful:
http://en.wikipedia.org/wiki/HTTP_cookie
http://en.wikipedia.org/wiki/POST_(HTTP)
I have to integrate a 3rd party newsletter signup form that makes an AJAX call to HTTP url.
That form I'm placing on pages that use HTTP or HTTPS protocols ( http for home pg., ect.; https for ecommerce related stuff )
I don't think anything is sent back from the destination server ( at least I can't see the response) other than status code.
I'm getting 200 OK whether I submit the form from HTTP or HTTPS page and watch what's going on with it in Firebug. Wonder if it's safe to assume the call gets processed successfully?
Usually, I like to have a proof positive that something worked or didn't, but in this case all test signups show up the next day, ( due to sign up getting processed as some scheduled task I'm guessing ), hence the unease.
You can call https server from http but can't call http from https directly using AJAX.
To call http user from https server you need to call your server side application from java script using AJAX, and then call http url from your server side application then send back this to the client.
You can use window.location.protocol to check whether you're currently on a Secure connection, and if so, you should AJAX a secure url.
will any webserver [IIS possibly] know whether a request is an AJAX request or a Normal one.
If you are using native XmlHttpRequests then there is no difference between this request and once generated by visiting a page or submitting a form. If you use jQuery to create the AJAX request then is adds a request header X-Requested-With: XMLHttpRequest. This header could be used to distinguish AJAX and non-AJAX requests.
Some (most?) frameworks can send a custom header, but, really, an ajax request is just the same as a "normal" request from the point of view of the server.
If you use curl, wget, telnet, or a program you write yourself, then the web server handles the request the same way - at the end of the day, it's all HTTP.
The easiest way for the receiving page to 'know' would be to send a query string parameter. This isn't 100% safe though.
Firebug can show you what is being sent to the server from both types of requests, try it out.
Possibly, it is not the webserver that can distinguish, but the server side code might be able to distinguish. If you are talking about ASP.NET and AJAX, then ScriptManager.IsInAsyncPostBack can be used to find whether a postback is from AJAX or not.
I want to ask you how the browser sends ajax request i mean what is the format of ajax request. So what is actual format of AJAX request sent by browser.
Thanks in advance
If you install Firefox and Firebug you can see for yourself:
http://codeclimber.net.nz/archive/2007/08/01/How-to-debug-XmlHttpRequest-with-Firebug.aspx
It's a standard HTTP request - just like any other request the browser makes.
You can read more about the XMLHttpRequest call and indeed the structure of a HTTP request on WikiPedia.
AJAX is shorthand for Asynchronous JavaScript and XML and does not define a standard on how the data is transferred.
Because the browsers are designed primarily as HTTP clients you should study GET and POST and maybe PUT and DELETE for RESTful web services.
Can an AJAX response set a cookie? If not, what is my alternative solution? Should I set it with Javascript or something similar?
According to the w3 spec section 4.6.3 for XMLHttpRequest a user agent should honor the Set-Cookie header. So the answer is yes you should be able to.
Quotation:
If the user agent supports HTTP State Management it should persist,
discard and send cookies (as received in the Set-Cookie response
header, and sent in the Cookie header) as applicable.
Yes, you can set cookie in the AJAX request in the server-side code just as you'd do for a normal request since the server cannot differentiate between a normal request or an AJAX request.
AJAX requests are just a special way of requesting to server, the server will need to respond back as in any HTTP request. In the response of the request you can add cookies.
For the record, be advised that all of the above is (still) true only if the AJAX call is made on the same domain. If you're looking into setting cookies on another domain using AJAX, you're opening a totally different can of worms. Reading cross-domain cookies does work, however (or at least the server serves them; whether your client's UA allows your code to access them is, again, a different topic; as of 2014 they do).
Also check that your server isn't setting secure cookies on a non http request. Just found out that my ajax request was getting a php session with "secure" set. Because I was not on https it was not sending back the session cookie and my session was getting reset on each ajax request.