Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Session Management in AJAX+CORS setting in Tomcat

Posted on 2014-12-26
3
Medium Priority
?
244 Views
Last Modified: 2015-06-29
I'm making AJAX requests from my web application to an Apache Tomcat 7 running on another Domain, which means that due to CORS restrictions (especially for IE 8 + 9), I cannot use any cookies (as they will be discarded).

How can I make use of session management in this case or any other alternative approach to it. Basically I have RESTful webservices that reside on Domain 1 and UI built on Angular that reside on Domain 2. So, the session is not being persisted across the domains.

Please help as how to resolve this problem or any other alternate approach to be taken.
0
Comment
Question by:Prabhudas Ch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 36

Expert Comment

by:mccarl
ID: 40530744
Ok, I haven't really delved into this before but by reading the CORS specifications you may be able to get the cookies to be used correctly even across multiple domains.

If you check out the CORS spec (http://www.w3.org/TR/cors/#resource-requests) in particular in section 6.1 and dot point 3 it says that setting the value of the "Access-Control-Allow-Origin" header to "*" will disable cookies, etc. So you should try setting that value to the domain that your Angular UI is running on (which also should be the value of the "Origin" header that is sent with the request, but that might not be mandatory for this to all work). Also, the spec says at that point that you should set the "Access-Control-Allow-Credentials" header to "true" (must be lowercase) for this to work too.

Can you try those 2 changes to the code in your ServletFilter and see if it helps?
0
 

Author Comment

by:Prabhudas Ch
ID: 40531761
No,it did not help. I have tried the above options.

The problem is I am unable to retain the same session across the domains.

Regards,
Prabhu
0
 
LVL 43

Accepted Solution

by:
Rob earned 1500 total points
ID: 40538616
Personally I haven't attempted to get CORS to work.  

My approach has been to add my own middlewar.  In your case, on Domain 2 with the UI stuff, I also have server side software that then call the required RESTful webmethods.  The session is "passed though".  

Yes it's double handling, but it works.  I can expand on this if you're interested and have questions.
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question