Hi Azher

While this is a bit clunky at best, can't you save the session ID when 
first receiving the cookie, put it into memcache (or datastore if you want 
to be certain there's no flush on the memcache), and make your requests use 
that?

Cheers

On Thursday, July 16, 2015 at 3:34:48 AM UTC-4, Azher Uddin Farooqi wrote:
>
> Hello,
>
> I've recently noticed that certain (all?) browsers do not send cookies 
> with OPTIONS requests, but session (understandably) sends a cookie response 
> with a new session ID in response to these. (OPTIONS requests are used to 
> probe CORS access control headers prior to sending AJAX requests.)
>
>
> My specific scenario is the following:
>
>    1. Request https://my-domain.appspot.com
>       a. Receive cookie with new session ID
>    2. AJAX OPTIONS request to https://my-domain.appspot.com to probe
>       for CORS headers (this is automatically generated by the browser)
>       a. Browser does not send cookie
>       b. Session responds with Set-Cookie header and NEW session ID
>    3. Subsequent requests to https://my-domain.appspot.com use
>       different session ID
>    4. Because of session ID mismatch, CORS filter blocks the requests.
>
> What can I do to prevent a new session ID from being created in step #2? Or
> how can I avoid my requests failing in the above scenario?
>
>
> Thanks,
> Azher
>
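
Added example (not part of either message above, and not App Engine's or any framework's own code): one way to keep step 2 from creating a new session ID is to answer the CORS preflight before the session layer runs, so no Set-Cookie is emitted for it. It assumes a Python WSGI stack; session_middleware, preflight_first, the "sid" cookie and the origin https://frontend.example are constructed for illustration.

```python
# Constructed illustration: a toy session layer plus a preflight short-circuit.
import uuid

ALLOWED_ORIGINS = {"https://frontend.example"}  # constructed allowlist, never "*"

def session_middleware(app):
    """Toy session layer: issues a new session ID whenever no cookie arrives."""
    def wrapped(environ, start_response):
        extra = []
        if "sid=" not in environ.get("HTTP_COOKIE", ""):
            extra.append(("Set-Cookie", "sid=%s; Secure; HttpOnly" % uuid.uuid4().hex))
        def sr(status, headers, exc_info=None):
            return start_response(status, headers + extra, exc_info)
        return app(environ, sr)
    return wrapped

def preflight_first(app):
    """Answer CORS preflights here, before the session layer ever sees them."""
    def wrapped(environ, start_response):
        is_preflight = (environ.get("REQUEST_METHOD") == "OPTIONS"
                        and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ)
        if not is_preflight:
            return app(environ, start_response)
        headers = [("Content-Length", "0"), ("Vary", "Origin")]
        origin = environ.get("HTTP_ORIGIN", "")
        if origin in ALLOWED_ORIGINS:  # unknown origins get no CORS grant
            headers += [
                ("Access-Control-Allow-Origin", origin),
                ("Access-Control-Allow-Credentials", "true"),
                ("Access-Control-Allow-Methods", "GET, POST"),
                ("Access-Control-Allow-Headers", "Content-Type"),
            ]
        start_response("204 No Content", headers)
        return [b""]
    return wrapped

def hello(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def response_headers(app, method, **extra_environ):
    """Drive a WSGI app once and return its response headers as a dict."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update(headers)
        captured[":status"] = status
    environ = dict(REQUEST_METHOD=method, PATH_INFO="/", **extra_environ)
    b"".join(app(environ, start_response))
    return captured
```

Wrapping order matters: preflight_first(session_middleware(hello)) keeps the preflight cookie-free, while ordinary requests still reach the session layer and the real access check.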

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/7caff814-27bf-4366-b7e6-6d40f4186376%40googlegroups.com.