JSessionId (httponly cookie) not sent from JavaScript to web service
We have a web applet that loads under the URL https://secure-ausomxeja.crmondemand.com/OnDemand/... from where we are making a web service call within the same domain (https://secure-ausomxeja.crmondemand.com/Services/Integration) using JQuery. We are not able to understand the fact that JSessionId (a httponly cookie) is not getting passed in the JQuery web service call even though everything is happening in the same domain. Interestingly, if the web service URL would start with https://secure-ausomxeja.crmondemand.com/OnDemand/... (though is not correct), the browser properly passes the cookie.
The question is, for a httponly cookie to be sent back to the server, is it sufficient to have the same domain or even the name of the first directory (OnDemand in our case) is also required?
Below is the code snippet that does not pass the JSessionId cookie-
$.ajax({
    url: "https://secure-ausomxeja.crmondemand.com/Services/Integration",
    type: "POST",
    dataType: "xml",
    data: ...,
    beforeSend: function(xhr) { xhr.setRequestHeader("SOAPAction", "..."); },
    complete: endSaveProduct,
    contentType: "text/xml; charset=\"utf-8\""
});
Below is the code snippet that does pass the JSessionId cookie (but doesn't make sense as there is no web service available at that location) -
$.ajax({
    url: "https://secure-ausomxeja.crmondemand.com/OnDemand/...",
    type: "POST",
    dataType: "xml",
    data: ...,
    beforeSend: function(xhr) { xhr.setRequestHeader("SOAPAction", "..."); },
    complete: endSaveProduct,
    contentType: "text/xml; charset=\"utf-8\""
});
Comments (1)
Look at the cookie and see if it has a path set (you can do this in Firefox easily). Likely it does because those may be different web-apps and the container will generate different sessions for each in that case.
So an even better way to answer the question might be, are those different web-apps? Would the container create different sessions for those two requests?
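The path check the comment above refers to, as an added example that is not part of the original thread: it applies the RFC 6265 default-path and path-match rules to the two URLs from the question. The Set-Cookie line, its Path=/OnDemand value and the "/example" tail of the applet URL are constructed assumptions, and the function names are illustrative.

```javascript
// Constructed sample: Path=/OnDemand is an assumption, not a value from the page.
const SAMPLE_SET_COOKIE = "JSESSIONID=constructed-value; Path=/OnDemand; Secure; HttpOnly";
const APPLET_URL = "https://secure-ausomxeja.crmondemand.com/OnDemand/example"; // tail constructed
const SERVICE_URL = "https://secure-ausomxeja.crmondemand.com/Services/Integration";

// RFC 6265 5.1.4 default-path: used when Set-Cookie carries no usable Path.
function defaultPath(requestPath) {
  const last = requestPath.lastIndexOf("/");
  return requestPath[0] !== "/" || last === 0 ? "/" : requestPath.slice(0, last);
}

// Parse a Set-Cookie header received in the response to `setUrl`.
function parseSetCookie(header, setUrl) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: defaultPath(new URL(setUrl).pathname),
    secure: false,
    httpOnly: false,
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "path" && v.startsWith("/")) cookie.path = v;
    else if (key === "secure") cookie.secure = true;
    else if (key === "httponly") cookie.httpOnly = true;
  }
  return cookie;
}

// RFC 6265 5.1.4 path-match: equal, or a prefix ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would the browser attach the cookie to a request for `url`? Host matching is
// omitted because both URLs share one host. HttpOnly is not consulted: it only
// hides the cookie from document.cookie, not from outgoing requests.
function cookieSentTo(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  return pathMatches(u.pathname, cookie.path);
}

const sample = parseSetCookie(SAMPLE_SET_COOKIE, APPLET_URL);
console.log("sent to /Services/Integration:", cookieSentTo(sample, SERVICE_URL));
console.log("sent to /OnDemand/...:", cookieSentTo(sample, APPLET_URL));
```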