Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Standard Widget Toolkit (SWT) » SWT Browser ignores cookies from AJAX requests
icon9.gif  SWT Browser ignores cookies from AJAX requests [message #724598] Mon, 12 September 2011 16:04 Go to next message
Ulrik Skyt is currently offline Ulrik SkytFriend
Messages: 4
Registered: September 2011
Junior Member
Hello,

We are using the SWT Browser component in a Java application to access a short list of specific sites, which we control ourselves. The sites are protected by SAML, and we are evolving this into a quite complex scenario with multiple IdP's and sign-on mechanisms. Therefore we recently made a change about which resources are protected by SAML and which are not - now only the AJAX services are protected.

This means that the AJAX services (a.k.a. "XmlHttpRequests") should now initiate a browser session in order to work. But unfortunately, I experience that the Browser ignores cookies being set in the AJAX responses. In the end this leads to an infinite redirect loop, being detected and reported as an error "too many HTTP redirects".

To me, this seems to be a bug - but maybe someone can explain to me something I should be doing to make the browser accept cookies from AJAX requests? Or provide some other explanation.

The environment is Mac OSX 10.7 Lion, Java 6 (64-bit), SWT-3.7, default (=webkit) browser implementation.

Best regards,
Ulrik
Re: SWT Browser ignores cookies from AJAX requests [message #725327 is a reply to message #724598] Wed, 14 September 2011 14:10 Go to previous messageGo to next message
Grant Gayed is currently offline Grant GayedFriend
Messages: 2151
Registered: July 2009
Senior Member
Hi Ulrik,

I haven't heard of this before, and don't have an explanation for why
it's failing. To have it investigated you should log a report with SWT
at
https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Platform&component=SWT
and provide a minimal case that demonstrates the problem.

Grant


On 9/12/2011 12:04 PM, Ulrik Skyt wrote:
> Hello,
>
> We are using the SWT Browser component in a Java application to access a
> short list of specific sites, which we control ourselves. The sites are
> protected by SAML, and we are evolving this into a quite complex
> scenario with multiple IdP's and sign-on mechanisms. Therefore we
> recently made a change about which resources are protected by SAML and
> which are not - now only the AJAX services are protected.
>
> This means that the AJAX services (a.k.a. "XmlHttpRequests") should now
> initiate a browser session in order to work. But unfortunately, I
> experience that the Browser ignores cookies being set in the AJAX
> responses. In the end this leads to an infinite redirect loop, being
> detected and reported as an error "too many HTTP redirects".
>
> To me, this seems to be a bug - but maybe someone can explain to me
> something I should be doing to make the browser accept cookies from AJAX
> requests? Or provide some other explanation.
>
> The environment is Mac OSX 10.7 Lion, Java 6 (64-bit), SWT-3.7, default
> (=webkit) browser implementation.
>
> Best regards,
> Ulrik
Correction: SWT Browser ignores cookies from requests in an iframe [message #725824 is a reply to message #724598] Thu, 15 September 2011 21:29 Go to previous messageGo to next message
Ulrik Skyt is currently offline Ulrik SkytFriend
Messages: 4
Registered: September 2011
Junior Member

Looking at my problem some more, I see that the real problem is not cookies from AJAX requests, but rather cookies that are set in responses to a request (and subsequent redirects) in a transparent iframe.

So it seems the browser does not save/use cookies set in the responses received in the iframe.
Re: Correction: SWT Browser ignores cookies from requests in an iframe [message #726387 is a reply to message #725824] Sat, 17 September 2011 20:19 Go to previous messageGo to next message
Ulrik Skyt is currently offline Ulrik SkytFriend
Messages: 4
Registered: September 2011
Junior Member
Now I believe to have narrowed the problem further down:

The SWT browser load a page from domain A, say a.com, which contains an iframe that loads content from domain B, say b.com.
The responses/redirects from b.com sets one or more cookies, but the following requests from the iframe - still to b.com within the path of the cookies - do include the cookies!

Is there a particularly restrictive version of the "same origin policy" in play here? This works in other browsers.

When a login is timed out (or has never taken place) in an AJAX request, our webapp detects this, and requests a protected resource from an iframe, gets redirected to an IdP which normally initiates a session (with a cookie) and shows a login prompt. But in my case this fails badly because the browser does not correctly take the given cookies in the iframe.
Re: Correction: SWT Browser ignores cookies from requests in an iframe [message #726390 is a reply to message #726387] Sat, 17 September 2011 20:38 Go to previous message
Ulrik Skyt is currently offline Ulrik SkytFriend
Messages: 4
Registered: September 2011
Junior Member
I have submitted a bug report with id=358006.
Previous Topic:CheckBoxTableViewer: how to disable the checkboxes
Next Topic:How to dislay the TableColumn Text align vertical?
Goto Forum:
  


Current Time: Sat Nov 22 05:05:39 GMT 2014

Powered by FUDForum. Page generated in 0.12911 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software