Hi Marcel, Am 29.03.2007 um 12:35 schrieb 3epnm:
> thanx for your help. Unfortunately it did not solve my Problem. My IE > is fully open but the IE do not use my Cookies in xhttp Requests. I > do not use Java, but the .qxrpc method could be a solution - i try. With all that you wrote below, I think I have an idea what goes wrong. Since you're using qooxdoo's index.html page (and not a PHP page), no session idea is generated initially. With Firefox, I suppose the first XmlHttpRequest call initiates a session, and the reply includes a Set-Cookie header with the session id. However, it seems that IE ignores Set-Cookie headers in XmlHttpRequest replies. A workaround should be very simple: Just turn your index.html page into an index.php page (or create a new index.php that includes the contents of the index.html). Then you get a session cookie before the first XmlHttpRequest, and IE sends this cookie for all subsequent requests. There can still be problems with expired sessions - but at least this should get you going for now. Some more comments inline below. >> 2.) Maybe your main page sets a cookie for my.app.foo.com, but you're >> later calling rpc.app.foo.com? In This case, a session cookie set by >> the main page wouldn't be sent along with RPC calls. (Maybe this case >> isn't even allowed by browsers, at least for non-cross-domain calls - >> I'm not sure.) > > The services directory lies below the serverroot next to the > Application > Directory - registered as a Alias in the Apache2 Virtual Host > directive > for the Qooxdoo Project. The Project and the Service use the same > domain. This may be another source of problems, but probably not. Just make sure that the domain of your index page, the domain of your rpc calls, and the domain in the Set-Cookie header are all identical. > I have hacked the initial index.html and added PHP Code which Generate > a Javascript Parameter vor sess_id and sess_name. The Firefox adds > this > Parameters automatically to the Request to the Services - the IE do > not. I don't think any GET or POST parameters are added by Firefox. It's probably just that Firefox has better cookie handling (see above). > In PHP it's possible to regenerate the session_id. This is not the > main Problem. I Think of a bug in my IE Version. The Ajax Calls in IE > do not use the Cookies. To override this Problem, the PHP folks often > adds the session Information to the Request manually. I have to think about this some more. Until now, I assumed that IE's cookie handling would be OK for XmlHttpRequests. However, it seems that is not the case (and I probably didn't notice it in my Java tests because I always made a request first that returned a session cookie). On the Java side, there's the additional problem that Tomcat (a very popular Servlet container) always uses the information from the cookie, even if a session id is present in the URL. It seems this breaks session expiration with IE :-( > In the qx.io.remote.ScriptTransport there is a Method to add > Parameters > to the Request via setRequestHeader. Such a Method would be nice to > have > in the qx.io.remote.Rpc, but could not found something alike. IMHO, it would be better if we could solve these session problems transparently. Maybe we can extract the Set-Cookie header from the XmlHttpRequest reply and set the cookie ourselves? This would solve the problem in an elegant and transparent way. I'll look into this. Regards, Andreas ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ qooxdoo-devel mailing list qooxdoo-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
