Set-Cookie Being Ignored
470 views
Skip to first unread message
JPJenkins69
Jun 14, 2011, 7:28:56 PM6/14/11
to Google Web Toolkit
I am a GWT noob but am working with someone else who is more advanced
than I, and we cannot figure out why a cookie being returned by the
server as a Set-Cookie HTTP header is not actually being set in the
browser.
I wrote a server using Tomcat that has an authentication call. I wrote
a dummy website all in HTML that uses web forms to send a request to
the server with the authentication information and receives a response
that contains a Set-Cookie header. This all works. It then has a
second button in a different form on the same page that sends a
different request to my server with some form data, and the browser
automatically injects the cookie into the header as expected.
Therefore, the server, for the second call, can pull the cookie header
out of the request and authenticate the request. This all works and is
great.
Now, for the test GWT application we have developed, I have used the
code that is automatically generated when a new GWT application is
developed (no AppEngine) and modified it in the following ways on the
client side's EntryPoint class. I removed the TextBox for entering my
name and the GWT RPC calls. I modified MyHandler so that it no longer
implemented KeyPressedListener or whatever and does implement
RequestCallback. I edited the contents of the onClick to create a new
RequestBuilder that sends a POST with the authentication information.
So far, this all works as I can watch the logs on my server and it
receives the request, processes it, and places the authentication
cookie in the response. Using Firebug, I can see that the response
contains the Set-Cookie header with the necessary cookie information.
However, the browser never actually saves this information.
Unsurprisingly, a subsequent call to the server doesn't include the
cookie.
GWT is just compiled into JavaScript when deployed, correct? And
JavaScript can't inject itself between the HTTP response and the
browser can it? I have checked the Response object that is a parameter
to the onResponseReceived() call from the RequestCallback interface,
and it doesn't contain any method to get access to the cookie except
through the getHeaders() call. I have dumped the results of this call,
though, and it doesn't exist there. Anyway, the browser should at
least be getting access to the HTTP header before the code and should
be grabbing and setting the cookie values before handing the code to
GWT. Not only am I new to GWT, I am new to most HTTP client-side
development, but am I really that far off track?
Thank you,
John
than I, and we cannot figure out why a cookie being returned by the
server as a Set-Cookie HTTP header is not actually being set in the
browser.
I wrote a server using Tomcat that has an authentication call. I wrote
a dummy website all in HTML that uses web forms to send a request to
the server with the authentication information and receives a response
that contains a Set-Cookie header. This all works. It then has a
second button in a different form on the same page that sends a
different request to my server with some form data, and the browser
automatically injects the cookie into the header as expected.
Therefore, the server, for the second call, can pull the cookie header
out of the request and authenticate the request. This all works and is
great.
Now, for the test GWT application we have developed, I have used the
code that is automatically generated when a new GWT application is
developed (no AppEngine) and modified it in the following ways on the
client side's EntryPoint class. I removed the TextBox for entering my
name and the GWT RPC calls. I modified MyHandler so that it no longer
implemented KeyPressedListener or whatever and does implement
RequestCallback. I edited the contents of the onClick to create a new
RequestBuilder that sends a POST with the authentication information.
So far, this all works as I can watch the logs on my server and it
receives the request, processes it, and places the authentication
cookie in the response. Using Firebug, I can see that the response
contains the Set-Cookie header with the necessary cookie information.
However, the browser never actually saves this information.
Unsurprisingly, a subsequent call to the server doesn't include the
cookie.
GWT is just compiled into JavaScript when deployed, correct? And
JavaScript can't inject itself between the HTTP response and the
browser can it? I have checked the Response object that is a parameter
to the onResponseReceived() call from the RequestCallback interface,
and it doesn't contain any method to get access to the cookie except
through the getHeaders() call. I have dumped the results of this call,
though, and it doesn't exist there. Anyway, the browser should at
least be getting access to the HTTP header before the code and should
be grabbing and setting the cookie values before handing the code to
GWT. Not only am I new to GWT, I am new to most HTTP client-side
development, but am I really that far off track?
Thank you,
John
JPJenkins69
Jun 23, 2011, 6:49:13 PM6/23/11
to Google Web Toolkit
So, I have created a piece of JavaScript that works just as expected.
Here is the whole page that I used to test:
<html>
<head>
<script type="text/javascript">
function newPopup() {
parameters = 'user=username&password=password&client=curl';
javascript:var req = new XMLHttpRequest();
req.open('POST', '/app/user/auth_token', false);
//Send the proper header information along with the request
req.setRequestHeader("Content-type", "application/x-www-form-
urlencoded");
req.setRequestHeader("Content-length", parameters.length);
req.send(parameters);
alert(req.responseText);
var headers = req.getAllResponseHeaders().toLowerCase();
alert(headers);
}
</script>
</head>
<body>
<input type="button" onclick="newPopup();" value="Go!" />
</body>
</html>
The response contains what is expected and the header doesn't contain
Set-Cookie. This is because the browser grabbed it, set the cookie,
and returned the rest which is exactly what is desired. If you want to
know more about what I have done to debug view the comments in the
only response here:
http://stackoverflow.com/questions/6351390/gwt-preventing-set-cookie-http-header-from-actually-setting-cookie
I am still looking for an answer and am leaning more and more towards
this being an issue with GWT. I read that GWT will pull off certain
headers in debug mode before they get to the Response object, which is
the only mode I have been able to get working. But my server is my own
and it can't scrape the headers from that response, and Set-Cookie
should be handled by the browser before GWT gets its hands on the
response.
Here is the whole page that I used to test:
<html>
<head>
<script type="text/javascript">
function newPopup() {
parameters = 'user=username&password=password&client=curl';
javascript:var req = new XMLHttpRequest();
req.open('POST', '/app/user/auth_token', false);
//Send the proper header information along with the request
req.setRequestHeader("Content-type", "application/x-www-form-
urlencoded");
req.setRequestHeader("Content-length", parameters.length);
req.send(parameters);
alert(req.responseText);
var headers = req.getAllResponseHeaders().toLowerCase();
alert(headers);
}
</script>
</head>
<body>
<input type="button" onclick="newPopup();" value="Go!" />
</body>
</html>
The response contains what is expected and the header doesn't contain
Set-Cookie. This is because the browser grabbed it, set the cookie,
and returned the rest which is exactly what is desired. If you want to
know more about what I have done to debug view the comments in the
only response here:
http://stackoverflow.com/questions/6351390/gwt-preventing-set-cookie-http-header-from-actually-setting-cookie
I am still looking for an answer and am leaning more and more towards
this being an issue with GWT. I read that GWT will pull off certain
headers in debug mode before they get to the Response object, which is
the only mode I have been able to get working. But my server is my own
and it can't scrape the headers from that response, and Set-Cookie
should be handled by the browser before GWT gets its hands on the
response.
Thomas Broyer
Jun 23, 2011, 7:45:50 PM6/23/11
to google-we...@googlegroups.com
FYI, just added an answer there: http://stackoverflow.com/questions/6351390/gwt-preventing-set-cookie-http-header-from-actually-setting-cookie/6461942#6461942
Reply all
Reply to author
Forward
0 new messages