GWT processing of Set-Cookie Response header


Steve Hunt

Mar 9, 2011, 5:48:30 AM
to Google Web Toolkit
Hi,
I'm working on an app that is using a GWT UI but accessing an existing
WADL resource using a request builder and ResponseCallback.

On the initial login call to the service the remote server returns a
JSessionId cookie as a Set-Cookie header parameter.
In normal circumstances (i.e. if I access the server by making a GET
from a browser directly) this cookie is visible.
In GWT the cookie has disappeared.
I've replicated the problem using a Jersey servlet and returning a
selection of Response headers and cookies. Without fail I am unable
to see any header with the name 'Set-Cookie' and by extension any
cookies. This is true whether I try to access them through
response.getHeaders() or Cookies.getCookie().
All other response headers are present as expected, which leads me to
the conclusion that the 'Set-Cookie' header is being deliberately
stripped from the response.

Does this sound correct, was there a deliberate decision taken at some
point to strip this header? If so, why? If not, then what is causing
this behaviour?

It's a major problem, as the sessionId from that cookie is needed for
all subsequent calls to the server for authentication...

Thanks
Steve

Y2i

Mar 9, 2011, 10:16:33 AM
to google-we...@googlegroups.com

Thomas Broyer

Mar 9, 2011, 10:41:40 AM
to google-we...@googlegroups.com
Browsers strip the Set-Cookie from XMLHttpRequest-s: http://www.w3.org/TR/XMLHttpRequest/#the-getallresponseheaders-method

As for Cookies.getCookie(), I think some browsers might wait until the XHR's onreadystatechange (the event that calls GWT's RequestCallback) terminates to update the document.cookies. In other words, it doesn't surprise me much that Cookies.getCookie() doesn't reflect the response's cookie from within the RequestCallback's onSuccess.

If you need the Session ID to send in the client-to-server payload, then I'd suggest you send it in the server-to-client payload as well.
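
A simplified model of the behaviour described in the replies above, added here as an example and not code from the thread or from GWT: the browser hides Set-Cookie from getAllResponseHeaders() but still stores the cookie and attaches it to later requests. The header block, function names and cookie values are constructed for illustration, and same-origin requests are assumed.

```javascript
// Simplified model (added example) of how a browser treats one XHR response.
// Header names are matched case-insensitively; the XHR spec hides these from script.
const FORBIDDEN_RESPONSE_HEADERS = new Set(["set-cookie", "set-cookie2"]);

// Parse a raw header block into [name, value] pairs.
function parseHeaders(raw) {
  return raw.split("\r\n").filter(Boolean).map((line) => {
    const i = line.indexOf(":");
    return [line.slice(0, i).trim(), line.slice(i + 1).trim()];
  });
}

// What getAllResponseHeaders() would hand to script.
function scriptVisibleHeaders(raw) {
  return parseHeaders(raw)
    .filter(([name]) => !FORBIDDEN_RESPONSE_HEADERS.has(name.toLowerCase()))
    .map(([name, value]) => `${name}: ${value}`)
    .join("\r\n");
}

// What the browser itself stores: name, value and the HttpOnly flag only.
function storeCookies(raw, jar = new Map()) {
  for (const [name, value] of parseHeaders(raw)) {
    if (name.toLowerCase() !== "set-cookie") continue;
    const [pair, ...attrs] = value.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) continue; // ignore malformed cookie pairs
    jar.set(pair.slice(0, eq), {
      value: pair.slice(eq + 1),
      httpOnly: attrs.some((a) => a.toLowerCase() === "httponly"),
    });
  }
  return jar;
}

// Cookie header the browser attaches to the next same-origin request.
const cookieHeader = (jar) =>
  [...jar].map(([n, c]) => `${n}=${c.value}`).join("; ");

// What script can read through document.cookie: HttpOnly cookies are left out.
const documentCookie = (jar) =>
  [...jar].filter(([, c]) => !c.httpOnly).map(([n, c]) => `${n}=${c.value}`).join("; ");

// Constructed sample response, not captured from a real server.
const SAMPLE = [
  "Content-Type: application/json",
  "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly",
  "SET-COOKIE: theme=dark; Path=/",
  "X-Request-Id: 42",
].join("\r\n");
```

With HttpOnly set, the session cookie is absent from both views available to script, yet it is still sent on subsequent requests. Copying the session ID into the response payload makes it readable by any script running in the page.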