On Mon, May 19, 2014 at 10:22 AM, J. Chris Anderson <[email protected]>wrote:
> > > In order for the cookie to be used, it must be set from the same origin as > the sync connections are going to. So the call from your mobile code to > your custom API, should be in a sub-path of the same domain and port as the > sync service. > > Actually there is now a new native API call that makes the original cookie domain irrelevant. Here's a diagram that describes the interaction of the various components during a Cookie auth: http://cl.ly/image/0J3D0x141z2q In step #7, you would call this API to set the cookie: /** * Sets an HTTP cookie for the Replication. * * @param name The name of the cookie. * @param value The value of the cookie. * @param path The path attribute of the cookie. If null or empty, will use remote.getPath() * @param expirationDate The expiration date of the cookie. * @param secure Whether the cookie should only be sent using a secure protocol (e.g. HTTPS). * @param httpOnly (ignored) Whether the cookie should only be used when transmitting HTTP, or HTTPS, requests thus restricting access from other, non-HTTP APIs. */ @InterfaceAudience.Public public void setCookie(String name, String value, String path, Date expirationDate, boolean secure, boolean httpOnly) { } and the cookie domain will be set to the domain of the sync gateway, no matter what your domain of your webapp is: cookie.setDomain(syncGatewayURL.getHost()); -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/CACSSHCFo8MLBHOtoau%3Drzm3Mz0tbqHz1eVzFR6_OrV%3DjYwOMUA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
