View Full Version : Advice requested - server side session handling (launched from an IFrame)

24 Dec 2010, 3:26 AM

I plan to launch my EXT-JS solution from an IFrame embedded in another site, they will pass in the query parameters some details that I need to customise my user interface.

Once EXT-JS loads, I plan to show a login screen, then thereafter I want the JSESSION id to be used in subsequent web-service requests, in fact, ideally, when launched a second time, I don't want the login screen to appear as the session should be reused.

At this stage, I am a little confused, if I submit my login form through EXT JS, I get an XML response that states I am logged in successfully (the back-end is a Java web application), but, usually after being logged in, I can open another browser tab and that would inherit the session information for the site, but this isn't happening, so I suspect the next web-service request from ExtJS will fail (to test yet), or it means that only the IFRAME has the session information?

Am I better off to make the application go to a login page first, then, once logged in, re-direct to the application? The application could check to see whether it's logged in, if not redirect back to the login page.

Any thoughts about whether what I'm currently doing should work, i.e. if the login form returns in an IFRAME with a login success with a JSESSIONID, will subsequent Ext-JS requests use the JSESSION id in the header? If not, can I add it myself?


24 Dec 2010, 3:32 AM
Is your server configured to add the JSESSIONID to the '/' path cookie (default)?

In that case you should be able to access any page within the same domain in any window of that browser session and the browser will send the JSESSIONID to the server.

24 Dec 2010, 3:38 AM
If we say that my application is called 'applicationx', I have the following structure in my .war file...


All of these files are in applicationx.war, my entry-point is the index.html for the extapp, it uses a form to initiate the login.go web-service.

I've not written any cookie behavior in the web-services, it should therefore be the default.

When I looked at the HTTP headers, it actually looked as though two JSESSIONIDs were in use, perhaps the first one is for the site containing the original site, then 2nd being the IFRAME?

24 Dec 2010, 3:43 AM
Are these two using different domains or paths? You can use the Firebug Net tab to look at HTTP resonse headers.

5 Jan 2011, 8:50 AM
Same domain, different paths.

I did have some success after ensuring that

1) My initial JSP page that includes a IFRAME was prefixed with the JSP directive <%@page session="false" %>
2) Any relative URLs were changed to ${pageContext.request.contextPath}/services/x.go - for some reason the relative paths caused cookies to be created for the main domain and the root (/). Only after being very specific did it start working.

I might be overlooking something simpler, but this worked.

Thanks Condor,