Session Cookies
I'm connecting to a Nodejs REST server locally (cross domain allowed). Authentication is being managed using a session cookie module. Using simple HTML and AJAX calls everything works great. From Enyo though, I can see the set-cookie coming in post login, but subsequent requests are not including the cookie. Doesn't look like the cookie is getting created (Firefox or Chrome). Also tried running Chrome with
Various threads here discuss issues with Enyo and trying to access cookies and local storage. But I'm serving up the Enyo from a local server, shouldn't the browser take care of the cookie for me?
If not, what's the solution. I already tried turning off the httponly flag, but the
Follow up question would be what's the generic solution that would work running as a packaged app or served from a web server? Do I have to use something other than cookies?
--enable-file-cookiesbut no difference, still not seeing the cookie.
Various threads here discuss issues with Enyo and trying to access cookies and local storage. But I'm serving up the Enyo from a local server, shouldn't the browser take care of the cookie for me?
If not, what's the solution. I already tried turning off the httponly flag, but the
inResponse.xhr.getResponseHeader("Set-Cookie"); comes up empty. Follow up question would be what's the generic solution that would work running as a packaged app or served from a web server? Do I have to use something other than cookies?
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Comments
xhrFields: { withCredentials: true }This seems like it should be unnecessary, but okay. The next problem is theAccess-Control-Allow-Origin: '*'isn't allowed with credentials. So I fixed that, now requests originating from my Enyo server are hitting my Nodejs REST server and still getting denied????Here's a request header And the error in the console: Now what?
if (request.getHeader("Origin") != null) { response.addHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); response.addHeader("Access-Control-Allow-Credentials", "true"); if (request.getMethod().equals("OPTIONS")) { response.addHeader("Access-Control-Allow-Methods", "GET, HEAD, PUT, POST, DELETE, TRACE, OPTIONS"); if (request.getHeader("Access-Control-Request-Headers") != null) { response.addHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers")); } response.setContentType("text/plain"); response.getWriter().flush(); return; } }I thought it was my Ajax, but now realize something's up with the server. I'll have to check the restify forums, or maybe switch to a different server.
Thanks!
But I was also trying to set the credentials flag with xhrFields, and seemed to get past the OPTS call and fail on the subsequent POST.
enyo.kind({ , kind: 'enyo.Ajax' , xhrFields: { withCredentials: true }Changed it to this, and it works IF I disable Chrome web security with the--disable-web-securityflag.enyo.kind({ , kind: 'enyo.Ajax' , headers: [{'Access-Control-Allow-Credentials':true}]The OPTS and POST look correct, but Chrome is still preventing the Set-Cookie coming back from actually storing the cookie.If Chrome and Firefox are locking down this feature, what is the correct alternative? Or will mobile apps running Enyo be okay? Or I guess some platforms will require the app package to declare secure access to resources? For example Firefox OS, an app might have to be declared as 'priviledged' in the manifest.
, xhrFields: { withCredentials: true }is the correct solution, my server was handling the OPTIONS request correctly but not the POST. Drove me nuts until I finally went through the server code line by line and found that I had the preflight code in two places and configured differently.can you send me your login code function, i don't know how to use session or cookie in enyojs for webOSTV.
Thank you so much.