Question
We have a web applet that loads under the URL https://secure-ausomxeja.crmondemand.com/OnDemand/... from where we are making a web service call within the same domain (https://secure-ausomxeja.crmondemand.com/Services/Integration) using jQuery. We are not able to understand the fact that JSessionId (an HttpOnly cookie) is not getting passed in the jQuery web service call even though everything is happening in the same domain. Interestingly, if the web service URL starts with https://secure-ausomxeja.crmondemand.com/OnDemand/... (though that is not correct), the browser properly passes the cookie.
The question is: for an HttpOnly cookie to be sent back to the server, is it sufficient to have the same domain, or is the name of the first directory (OnDemand in our case) also required?
Below is the code snippet that does not pass the JSessionId cookie:
$.ajax({
url:"https://secure-ausomxeja.crmondemand.com/Services/Integration",
type: "POST",
dataType: "xml",
data: ...,
beforeSend: function(xhr) { xhr.setRequestHeader("SOAPAction", "..."); },
complete: endSaveProduct,
contentType: "text/xml; charset=\"utf-8\""
});
Below is the code snippet that does pass the JSessionId cookie (but doesn't make sense, as there is no web service available at that location):
$.ajax({
url:"https://secure-ausomxeja.crmondemand.com/OnDemand/...",
type: "POST",
dataType: "xml",
data: ...,
beforeSend: function(xhr) { xhr.setRequestHeader("SOAPAction", "..."); },
complete: endSaveProduct,
contentType: "text/xml; charset=\"utf-8\""
});
Answer 1:
Look at the cookie and see if it has a path set (you can do this in Firefox easily). Likely it does, because those may be different web-apps and the container will generate different sessions for each in that case.
So an even better way to answer the question might be, are those different web-apps? Would the container create different sessions for those two requests?
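The path check the answer points to, written out as an added example (not part of the original question or answer): the cookie path-matching rules from RFC 6265 section 5.1.4, applied to the two request paths in the question. The host `crm.example.test`, the cookie value and the `Path=/OnDemand` attribute are constructed assumptions; domain matching is left out because both requests share one host.

```javascript
// Default path when Set-Cookie has no usable Path attribute (RFC 6265, 5.1.4).
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// Path-match (RFC 6265, 5.1.4): equal, or a prefix that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // /OnDemand matches /OnDemand/x but not /OnDemandX.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Pull out the attributes relevant to this question from a Set-Cookie header.
function parseSetCookie(header, setByUrl) {
  const [nameValue, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: nameValue.split("=")[0], path: null, httpOnly: false, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "path" && value.startsWith("/")) cookie.path = value;
    else if (k === "httponly") cookie.httpOnly = true;
    else if (k === "secure") cookie.secure = true;
  }
  if (cookie.path === null) cookie.path = defaultPath(new URL(setByUrl).pathname);
  return cookie;
}

// Would the browser attach this cookie to a request for requestUrl?
// HttpOnly is deliberately not consulted: it only hides the cookie from
// document.cookie and has no effect on whether the cookie is sent.
function wouldSend(cookie, requestUrl) {
  const url = new URL(requestUrl);
  if (cookie.secure && url.protocol !== "https:") return false;
  return pathMatches(url.pathname, cookie.path);
}

// Constructed sample: a container-issued session cookie scoped to one web-app.
const SET_BY = "https://crm.example.test/OnDemand/user/Home";
const SAMPLE = "JSESSIONID=constructed-value; Path=/OnDemand; Secure; HttpOnly";
const sessionCookie = parseSetCookie(SAMPLE, SET_BY);

console.log(wouldSend(sessionCookie, "https://crm.example.test/Services/Integration"));
console.log(wouldSend(sessionCookie, "https://crm.example.test/OnDemand/user/Home"));
```
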
Source: https://stackoverflow.com/questions/5433351/jsessionid-httponly-cookie-not-sent-to-web-service-from-javascript