Solved

Session Management in AJAX+CORS setting in Tomcat

Posted on 2014-12-26
3
168 Views
Last Modified: 2015-06-29
I'm making AJAX requests from my web application to an Apache Tomcat 7 running on another Domain, which means that due to CORS restrictions (especially for IE 8 + 9), I cannot use any cookies (as they will be discarded).

How can I make use of session management in this case or any other alternative approach to it. Basically I have RESTful webservices that reside on Domain 1 and UI built on Angular that reside on Domain 2. So, the session is not being persisted across the domains.

Please help as how to resolve this problem or any other alternate approach to be taken.
0
Comment
Question by:Prabhudas Ch
3 Comments
 
LVL 35

Expert Comment

by:mccarl
ID: 40530744
Ok, I haven't really delved into this before but by reading the CORS specifications you may be able to get the cookies to be used correctly even across multiple domains.

If you check out the CORS spec (http://www.w3.org/TR/cors/#resource-requests) in particular in section 6.1 and dot point 3 it says that setting the value of the "Access-Control-Allow-Origin" header to "*" will disable cookies, etc. So you should try setting that value to the domain that your Angular UI is running on (which also should be the value of the "Origin" header that is sent with the request, but that might not be mandatory for this to all work). Also, the spec says at that point that you should set the "Access-Control-Allow-Credentials" header to "true" (must be lowercase) for this to work too.

Can you try those 2 changes to the code in your ServletFilter and see if it helps?
0
 

Author Comment

by:Prabhudas Ch
ID: 40531761
No,it did not help. I have tried the above options.

The problem is I am unable to retain the same session across the domains.

Regards,
Prabhu
0
 
LVL 42

Accepted Solution

by:
Rob Jurd, EE MVE earned 500 total points
ID: 40538616
Personally I haven't attempted to get CORS to work.  

My approach has been to add my own middlewar.  In your case, on Domain 2 with the UI stuff, I also have server side software that then call the required RESTful webmethods.  The session is "passed though".  

Yes it's double handling, but it works.  I can expand on this if you're interested and have questions.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Online collaboration is quickly becoming embedded in the workplace, and its benefits are tangible. See what the current landscape looks like and what the future holds for collaboration tools and the future of work.
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now