I'm connecting to a Nodejs REST server locally (cross domain allowed). Authentication is being managed using a
session cookie module. Using simple HTML and AJAX calls everything works great. From Enyo though, I can see the set-cookie coming in post login, but subsequent requests are not including the cookie. Doesn't look like the cookie is getting created (Firefox or Chrome). Also tried running Chrome with
--enable-file-cookies
but no difference, still not seeing the cookie.
Various threads here discuss issues with Enyo and trying to access cookies and local storage. But I'm serving up the Enyo from a local server, shouldn't the browser take care of the cookie for me?
If not, what's the solution. I already tried turning off the httponly flag, but the
inResponse.xhr.getResponseHeader("Set-Cookie");
comes up empty.
Follow up question would be what's the generic solution that would work running as a packaged app or served from a web server? Do I have to use something other than cookies?
Comments
Access-Control-Allow-Origin: '*'
isn't allowed with credentials. So I fixed that, now requests originating from my Enyo server are hitting my Nodejs REST server and still getting denied????Here's a request header And the error in the console: Now what?
I thought it was my Ajax, but now realize something's up with the server. I'll have to check the restify forums, or maybe switch to a different server.
Thanks!
But I was also trying to set the credentials flag with xhrFields, and seemed to get past the OPTS call and fail on the subsequent POST. Changed it to this, and it works IF I disable Chrome web security with the
--disable-web-security
flag. The OPTS and POST look correct, but Chrome is still preventing the Set-Cookie coming back from actually storing the cookie.If Chrome and Firefox are locking down this feature, what is the correct alternative? Or will mobile apps running Enyo be okay? Or I guess some platforms will require the app package to declare secure access to resources? For example Firefox OS, an app might have to be declared as 'priviledged' in the manifest.
can you send me your login code function, i don't know how to use session or cookie in enyojs for webOSTV.
Thank you so much.