[PhoneGap] Problem with the verify_credentials API

[Pierreuno]

Hi, I've been working on a plancast app for android based on the
phonegap framework. (apps build in html, javascript, css)
Everything works fine except that I've some problems with the
verify_credentials API.

When the verify_credentials succeed the first time, the session stays
open, so if I try to run the verify_credentials again with another
login/password, the information of the first user are returned. I
don't know how to process a "logout" without restarting the browser.
(which is something I can't do on the android)

Here is my code:

var xhr;
var url = 'http://api.plancast.com/02/account/
verify_credentials.json;
xhr = new XMLHttpRequest();
xhr.open("GET", url, true);
xhr.setRequestHeader("Cache-Control", "no-cache, must-revalidate");
xhr.setRequestHeader("Pragma", "no-cache");
xhr.setRequestHeader("Authorization","Basic " + btoa(user_login
+":"+user_password));
xhr.onreadystatechange = function(){
if (xhr.readyState == 4) {

alert(xhr.responseText);

}
};
xhr.send(null);

I was thinking that
xhr.setRequestHeader("Cache-Control", "no-cache, must-revalidate")
would fix the problem but apparently not.

So my question is: does the API checks all the header info? Is there
something wrong in my code?

Thank you.

[Jaymon]

Hi Pierreuno,

I wasn't able to duplicate your problem using curl but I have some
ideas on what it could be, so here are a couple things to try:

1 - ignore cookies, I'm not exactly sure how you would do that, but
the API is sending "Set-Cookie" headers so the XMLHttpRequest object
might be respecting those cookies and sending them back instead of the
username and password? In a future code push we will get rid of those
Set-Cookie headers.

2 - make sure you are sending a different username and password, I
send the same input thinking it's different all the time.

3 - are you positive XMLHttpRequest isn't doing some form of
aggressive caching on its end? Maybe it caches by url or something
completely unexpected

Let me know if none of this helps and I can go in and blank out the
Set-Cookie headers on the live site right now instead of just putting
it on my todo list for a future push.

-Jay Marcyes

[Pierreuno]

1 - That might be the point, cookies are definitively activated on my
side, I used them to store the login/password if validated.
I'll try to desactive cookies in my app.
I'll keep you updated.

2 - Checked: "btoa(user_login +":"+user_password)" is different each
time.

3 - Checked: I tried with
var url = 'http://api.plancast.com/02/account/verify_credentials.json?
timestamp=' + new Date().getTime();

Thank you for your help Jay !

--
Pierre

[Pierreuno]

Desactive the cookies solve the problem in Safari, should solve the
problem on my android app.

Thanks a lot !

[Pierreuno]

Hi Jay,

I tried to disable the cookie on my app but it seems to be very
complicated so it would be nice if you could blank out the Set-Cookie
headers on the live site.

Thank you.

[Mark Hendrickson]

Hi Pierreuno,

We pushed out a change Jay made that should blank out the Set-Cookie headers now. Let us know if that did the trick.

Best,

Mark

--
Mark Hendrickson
My plans: http://plancast.com/mark
My info: http://ursusrex.com
My tweets: http://twitter.com/mhendric

[Pierreuno]

It did it perfectly.

Thanks a lot !

[Peter Sauer]

Hey Pierreuno - I'm looking forward to playing with your app. Let me
know if you need any beta testers :)

Peter