Http OPTIONS is resetting JSESSIONID

39 views
Skip to first unread message

Azher Uddin Farooqi

unread,
Jul 16, 2015, 3:34:48 AM7/16/15
to google-a...@googlegroups.com
Hello,

I've recently noticed that certain (all?) browsers do not send cookies with OPTIONS requests, but session (understandably) sends a cookie response with a new session ID in response to these. (OPTIONS requests are used to probe CORS access control headers prior to sending AJAX requests.)


My specific scenario is the following:

  1. request  https://my-domain.appspot.com 
    • a. Receive cookie with new session ID
  2. AJAX OPTIONS request to https://my-domain.appspot.com to probe for CORS headers (this is automatically generated by the browser) 
    • a. Browser does not send cookie 
    • b. Session responds with Set-Cookie header and NEW session ID
  3. Subsequent requests to https://my-domain.appspot.com use different session ID
  4. Because of session ID mismatch, CORS filter blocks the requests.
What can I do to prevent new session ID getting created in step #2 ? Or how can I avoid my requests getting failed in the above scenario ?


Thanks,
Azher

Patrice (Cloud Platform Support)

unread,
Jul 16, 2015, 12:00:12 PM7/16/15
to google-a...@googlegroups.com, azher...@gmail.com
Hi Azher

While this is a bit clunky at best, can't you save the session ID when first receiving the cookie, put it into memcache (or datastore if you want to be certain there's no flush on the memcache), and make your requests use that?

Cheers

Alex Martelli

unread,
Jul 16, 2015, 12:07:20 PM7/16/15
to google-a...@googlegroups.com
Not sure what this has to do with app engine (or any other server-side system) -- it appears to be entirely a client-side (browser) problem. Maybe http://stackoverflow.com/questions/2870371/why-is-jquerys-ajax-method-not-sending-my-session-cookie can help (the second answer, not the accepted one).


Alex


--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/f9f03fbb-2eaf-41ed-8d64-54c9f0854633%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages