API Redirect Cookie Problem


adrian

Feb 16, 2010, 11:05:37 AM
to BigBlueButton-dev
Hi All,

I have a problem launching BBB using an API join link. I think I know
why and wondered whether anybody else has hit this.

When you issue a join command via the api like this ...

http://btc222000002.lancs.ac.uk/bigbluebutton/api/join?meetingToken=d281742f-db65-4faa-aa85-79e3b62ee04d&fullName=Adrian&password=eocjosv7

(try it via curl)

... a cookie is set in the response. The cookie is used by the client
to validate the user. The problem is that when you try to fire the
link from another site the cookie is not passed onto the client page
(client/BigBlueButton.html) by the browser. This is intentional and
part of the http spec. See this link: http://www.perlmonks.org/?node_id=644365.

Basically, if a browser is asked to redirect, it'll ignore any
Set-Cookie headers that are part of the same response and this means
that BBB is not going to work from other environments, not even a
simple web page with an API (not a demo JSP) link.

Any ideas how this can be got around?

Adrian.

Jeremy Thomerson

Feb 16, 2010, 11:09:14 AM
to bigblueb...@googlegroups.com
Send the user directly to the join link and let them redirect into the meeting automatically.

Jeremy


--
You received this message because you are subscribed to the Google Groups "BigBlueButton-dev" group.
To post to this group, send email to bigblueb...@googlegroups.com.
To unsubscribe from this group, send email to bigbluebutton-...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/bigbluebutton-dev?hl=en.


Adrian Fish

Feb 16, 2010, 11:22:12 AM
to bigblueb...@googlegroups.com
Thanks for the reply Jeremy.

This is a clickable link in a page on a different host to BBB. The
cookie still needs to be set and it belongs to the BBB host, so will
still get lost in redirection, won't it?

If you do everything from the BBB JSP pages you remain in the same
domain at all times, so it's okay.

Have you successfully launched from other domains using the API?

Cheers,

Adrian.


--
==================================
Adrian Fish
Software Engineer
Centre for e-Science
Bowland Tower South C Floor
Lancaster University
Lancaster
LA1 4YW
email: a.f...@lancaster.ac.uk

http://confluence.sakaiproject.org/display/YAFT/Yaft
http://confluence.sakaiproject.org/display/BLOG/Home
http://confluence.sakaiproject.org/display/AGORA/Home


Jeremy Thomerson

Feb 16, 2010, 11:31:40 AM
to bigblueb...@googlegroups.com
Yes - I have my customers come to www.genericconf.com, where we redirect them to {servername}.genericconf.com. We have numerous BBB servers set up, all on different domains. All API calls are made cross-domain. Here's the basics of how we accomplish this:

On the BBB server, I add a jquery file and a custom js file that has a single function in it which makes an API call (using jquery), and returns the results as JSON.
On the customer's page, being served by www.genericconf.com, we load the jquery script and custom script in script tags. (i.e. <script src="{serverdomain}/ourjsfiles/jquery.js"></script>)
Then, I just call myCustomFunction(urlForAPICall) and it is able to make the API call to the API server since that JavaScript file that's actually doing the xmlhttpget was loaded from the same domain as the server.
The JSON is returned to my page via a callback function, and processed in-page.

For join, I don't need to make the join API call in this method.  Instead, I make an isMeetingRunning API call to see if the meeting has started yet.  If it has not, I hold them on my waiting page that has phone call-in instructions, etc, and I keep polling the API to see when the meeting starts.  When the meeting starts, I simply process the result and add a link to the page that links directly to {serverdomain}/bigbluebutton/api/join?queryparameters....  They click the link and are taken directly to the BBB server.  The API call drops the cookies on the client and redirects to BigBlueButton.html.

Hope this helps.
Jeremy Thomerson

Adrian Fish

Feb 16, 2010, 2:44:39 PM
to bigblueb...@googlegroups.com
Hi Jeremy,

Thanks for taking the time for a detailed reply. Much appreciated. I've
woven some stuff into your email body.

Cheers again,

Adrian.

Jeremy Thomerson wrote:
> Yes - I have my customers come to www.genericconf.com, where we
> redirect them to {servername}.genericconf.com. We have numerous BBB
> servers set up, all on different domains. All API calls are made
> cross-domain. Here's the basics of how we accomplish this:
>
> On the BBB server, I add a jquery file and a custom js file that has a
> single function in it which makes an API call (using jquery), and
> returns the results as JSON.
> On the customer's page, being served by www.genericconf.com, we load
> the jquery script and custom script in script tags. (i.e. <script
> src="{serverdomain}/ourjsfiles/jquery.js"></script>)
> Then, I just call myCustomFunction(urlForAPICall) and it is able to
> make the API call to the API server since that JavaScript file that's
> actually doing the xmlhttpget was loaded from the same domain as the
> server.
> The JSON is returned to my page via a callback function, and
> processed in-page.

I do the meeting creation in a module in my web app (Sakai) then serve
up the checksummed join urls via Ajax/JSON. I never do any cross domain
Ajax so the JS trick won't help here. Nice approach though.


>
> For join, I don't need to make the join API call in this method.
> Instead, I make an isMeetingRunning API call to see if the meeting has
> started yet. If it has not, I hold them on my waiting page that has
> phone call-in instructions, etc, and I keep polling the API to see
> when the meeting starts. When the meeting starts, I simply process
> the result and add a link to the page that links directly to
> {serverdomain}/bigbluebutton/api/join?queryparameters.... They click
> the link and are taken directly to the BBB server. The API call drops
> the cookies on the client and redirects to BigBlueButton.html.

So let me get this straight: All this stuff is happening at
www.genericconf.com, not on the BBB host itself? Can a moderator just
click the link from the customer site and they join and are redirected
okay? If so, there is something odd happening with my setup as it sounds
much the same as your approach, only it doesn't work. All I get is 'No
valid session' :(

Why use a cookie anyway? Couldn't the API just forward the url query
onto BigBlueButton.html?



Jeremy Thomerson

Feb 16, 2010, 2:49:43 PM
to bigblueb...@googlegroups.com
Use something like HttpFox to see the cookie being set, and then see if the same cookie is sent when it makes the calls to /bigbluebutton/conference-session/enter
Also, look at the response content of the call to http://demo.bigbluebutton.org/bigbluebutton/conference-session/enter.

But, yes, I redirect my users directly to the join API URL and they are redirected into the app just fine.

Jeremy Thomerson
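
The check described in the message above (is the cookie set by the join response sent again on the call to /bigbluebutton/conference-session/enter?) can also be run over a saved header trace. This is an added example, not part of the original thread or of BigBlueButton's code; the host name, token, cookie name and value are constructed placeholders, and cookie scoping follows a simplified reading of RFC 6265.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed trace, not captured from a real server. Host name, token and
# cookie name/value are placeholders; the three paths are the ones in the thread.
TRACE = [
    {"url": "http://bbb.example.org/bigbluebutton/api/join?meetingToken=TOKEN",
     "req": {},
     "resp": {"Set-Cookie": "JSESSIONID=abc123; Path=/bigbluebutton",
              "Location": "http://bbb.example.org/client/BigBlueButton.html"}},
    {"url": "http://bbb.example.org/client/BigBlueButton.html", "req": {}, "resp": {}},
    {"url": "http://bbb.example.org/bigbluebutton/conference-session/enter",
     "req": {"Cookie": "JSESSIONID=abc123"}, "resp": {}},
]

def in_scope(host, path, c_domain, c_path):
    """Simplified RFC 6265 matching; host-only cookies are treated like domain cookies."""
    host_ok = host == c_domain or host.endswith("." + c_domain)
    path_ok = path == c_path or path.startswith(c_path.rstrip("/") + "/")
    return host_ok and path_ok

def check_replay(trace, set_on="/api/join", sent_to="/conference-session/enter"):
    """Report, per cookie set by the join response, what the enter request did with it."""
    jar, findings = {}, []
    for entry in trace:
        url = urlsplit(entry["url"])
        if sent_to in url.path:
            sent = SimpleCookie(entry["req"].get("Cookie", ""))
            for name, (value, c_domain, c_path) in jar.items():
                if not in_scope(url.hostname, url.path, c_domain, c_path):
                    verdict = "out of scope for this request"
                elif name not in sent:
                    verdict = "in scope but not sent"
                elif sent[name].value != value:
                    verdict = "sent with a different value"
                else:
                    verdict = "replayed"
                findings.append((name, verdict))
        if set_on in url.path and "Set-Cookie" in entry["resp"]:
            for name, m in SimpleCookie(entry["resp"]["Set-Cookie"]).items():
                # No Domain attribute: the setting host. No Path: directory of the request path.
                jar[name] = (m.value, m["domain"].lstrip(".") or url.hostname,
                             m["path"] or url.path.rsplit("/", 1)[0] or "/")
    return findings

if __name__ == "__main__":
    for name, verdict in check_replay(TRACE):
        print(name, "->", verdict)
```

A verdict of "out of scope" points at the cookie's Domain or Path rather than at the redirect, while "in scope but not sent" means the browser had the cookie available and withheld it.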

Adrian Fish

Feb 16, 2010, 4:17:17 PM
to bigblueb...@googlegroups.com
Okay, thanks for the tips. I'll keep on digging.

Cheers,

Adrian.

Jeremy Thomerson wrote:
> Use something like HttpFox to see the cookie being set, and then see
> if the same cookie is sent when it makes the calls to
> /bigbluebutton/conference-session/enter
> Also, look at the response content of the call to
> http://demo.bigbluebutton.org/bigbluebutton/conference-session/enter.
>
> But, yes, I redirect my users directly to the join API URL and they
> are redirected into the app just fine.
>
> Jeremy Thomerson