1. #1
    Sencha User
    Join Date
    Nov 2012
    Posts
    12
    Vote Rating
    0
    fujy is on a distinguished road

      0  

    Default Unanswered: Cross Domain Session Managment

    Unanswered: Cross Domain Session Managment


    Hello,

    I'm building a client-side solution that consumes a remote .NET web service, Here is the problem

    1- The user makes a Log in request with a username and password ( done using Ext.Ajax.request )
    2- The server responses with a JSON message saying that log in successful, also it responds with a cookie variable
    ASP.NET_SessionId : "blahblahblahblah"

    3- The user requests for some data using some web service method
    e.g. getDepartmenttEmployeeList(DepId)

    4- But the server responses with 200 OK and a JSON message telling that an "AuthenticationError" has happened and "Another user with the same credentials kicked you out."

    Now the problem is:
    When I check the request headers in the second request, I see that the browser didn't add the cookie that was previously sent by the web service, So I don't know exactly How the web service would know that I am the user who just logged in
    How can I force all requests ( after log in success) to be in the same session, should I send back the ASP.NET_SessionId cookie? How can I send it? Is there another way?

    Note: All requests is done after enabling CORS in Ext.Ajax in ( e.g. "Ext.Ajax.cors = true" )

    Thanks in advance

  2. #2
    Sencha User
    Join Date
    Nov 2012
    Posts
    12
    Vote Rating
    0
    fujy is on a distinguished road

      0  

    Default


    Any Suggestions?

  3. #3
    Sencha User
    Join Date
    Jan 2012
    Posts
    14
    Vote Rating
    0
    indra00 is on a distinguished road

      0  

    Default HELP Needed

    HELP Needed


    I am having the exact same problem. I have been using Sencha 2.0.1 ... but now moving to 2.1 as it allowes withCredential config in proxy which according to sencha lets you set the cookie.

    BUT , question to all Sencha pros, I still havent got any confirmation from anyone that even with the 'withCredential' config turned on, subsequent ajax request sends that cookie out so that server can recognize session.

    This is a serious issue as to application level security. I am amazed to see so little clarification through out the internet regarding this issue.

    mitchellsimoens I believe you r pro, please do investigate the issue and tell what is the solution

Thread Participants: 1

Tags for this Thread

Turkiyenin en sevilen filmlerinin yer aldigi xnxx internet sitemiz olan ve porn sex tarzi bir site olan mobil porno izle sitemiz gercekten dillere destan bir durumda herkesin sevdigi bir site olarak tarihe gececege benziyor. Sitenin en belirgin ozelliklerinden birisi de Turkiyede gercekten kaliteli ve muntazam, duzenli porno izle siteleri olmamasidir. Bu yuzden iste. Ayrica en net goruntu kalitesine sahip adresinde yayinlanmaktadir. Mesela diğer sitelerimizden bahsedecek olursak, en iyi hd porno video arşivine sahip bir siteyiz. "The Best anal porn videos and slut anus, big asses movies set..."