Solved

Session Management in AJAX+CORS setting in Tomcat

Posted on 2014-12-26
3
192 Views
Last Modified: 2015-06-29
I'm making AJAX requests from my web application to an Apache Tomcat 7 running on another Domain, which means that due to CORS restrictions (especially for IE 8 + 9), I cannot use any cookies (as they will be discarded).

How can I make use of session management in this case or any other alternative approach to it. Basically I have RESTful webservices that reside on Domain 1 and UI built on Angular that reside on Domain 2. So, the session is not being persisted across the domains.

Please help as how to resolve this problem or any other alternate approach to be taken.
0
Comment
Question by:Prabhudas Ch
3 Comments
 
LVL 35

Expert Comment

by:mccarl
ID: 40530744
Ok, I haven't really delved into this before but by reading the CORS specifications you may be able to get the cookies to be used correctly even across multiple domains.

If you check out the CORS spec (http://www.w3.org/TR/cors/#resource-requests) in particular in section 6.1 and dot point 3 it says that setting the value of the "Access-Control-Allow-Origin" header to "*" will disable cookies, etc. So you should try setting that value to the domain that your Angular UI is running on (which also should be the value of the "Origin" header that is sent with the request, but that might not be mandatory for this to all work). Also, the spec says at that point that you should set the "Access-Control-Allow-Credentials" header to "true" (must be lowercase) for this to work too.

Can you try those 2 changes to the code in your ServletFilter and see if it helps?
0
 

Author Comment

by:Prabhudas Ch
ID: 40531761
No,it did not help. I have tried the above options.

The problem is I am unable to retain the same session across the domains.

Regards,
Prabhu
0
 
LVL 43

Accepted Solution

by:
Rob earned 500 total points
ID: 40538616
Personally I haven't attempted to get CORS to work.  

My approach has been to add my own middlewar.  In your case, on Domain 2 with the UI stuff, I also have server side software that then call the required RESTful webmethods.  The session is "passed though".  

Yes it's double handling, but it works.  I can expand on this if you're interested and have questions.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Technology Resume 7 66
RSS FEED - PROPERLY FORMATTED URL 2 25
arrays and buttons with user input 2 31
JS to redirect to prev page 8 16
Get to know the ins and outs of building a web-based ERP system for your enterprise. Development timeline, technology, and costs outlined.
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to dynamically set the form action using jQuery.

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question