Duplicate Cookie header with JSESSIONID in statelessDispatch and custom cookies problem

[alexmnyc]

Hi guys,

A quick question about Set-Cookie header behaviour.

I'm running into an issue when running stateless and using InMemoryResponse constructs with custom cookies.

1. I have enabled stateless behaviour

LiftRules.enableContainerSessions = false
LiftRules.statelessReqTest.append { case _ => true }

2. I added my RestHelper to stateslessDispatch in Boot.scala

3. I'm using S.statelessInit(req) {

     S.addCookie(HTTPCookie("testCookie","test").setMaxAge(Days.days(90),toPeriod.toStandardSeconds.getSeconds).setPath("/"))

     Full(InMemoryResponse(Array(), S.getResponseHeaders(Nil), S.responseCookies, 200))

}

When inspecting the request headers, I see a duplicate Set-Cookie as in:

Set-Cookie JSESSIONID=10e7r7xrbnzv11fpp19h9ia6cv;Path=/

Set-Cookie testCookie=test;Path=/;Expires=Wed, 01-Jan-2014 21:10:25 GMT

which yields that any requests coming from IE always produce S.cookieValue("testCookie") as Empty

Can someone please advise how to merge the JSESSIONID Set-Cookie with custsom cookie headers? I don't set JSESSIONID header anywhere, it must be coming from the embedded Jetty or something.

[alexmnyc]

It appears there's nothing wrong with LIFT but rather IE and FF CORS cookie support is broken. It seems to only be sending the first cookie header only. Not sure why or what is happening but something is really goofy there. If anyone has experience in implementing CORS cookies with IE and FF support, I would greatly appreciate your input.

Thank you.

[Diego Medina]

May or not be related, but I din;t think that if you set the REquest to be stateless, you can then go ahead and init a session, or at least that seems to defeat the purpose of stateless

On Thu, Oct 3, 2013 at 5:41 PM, alexmnyc <a.mik...@gmail.com> wrote:

It appears there's nothing wrong with LIFT but rather IE and FF CORS cookie support is broken. It seems to only be sending the first cookie header only. Not sure why or what is happening but something is really goofy there. If anyone has experience in implementing CORS cookies with IE and FF support, I would greatly appreciate your input.

Thank you.

--
--
Lift, the simply functional web framework: http://liftweb.net
Code: http://github.com/lift
Discussion: http://groups.google.com/group/liftweb
Stuck? Help us help you: https://www.assembla.com/wiki/show/liftweb/Posting_example_code
 
---
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Diego Medina
Lift/Scala consultant
di...@fmpwizard.com
http://fmpwizard.telegr.am

[a.mik...@gmail.com]

Diego,

 

My understanding was that S.statelessInit does not initialize a session but rather makes S._ helper methods like param, addCookie, getResponseHeaders, etc available. S.init, on the other hand, is to be used for session initialization.

 

FYI, I solved the problem in IE by supplying a P3P header in case anyone else is running into the same problem. This was related to IE restriction on third party cookies.