asked on
How do I set a server side session cookie in the http header when the cookie is set via an AJAX call
I have created a sign-in in page in which the user enters their email and password. I then take these credentials and pass them server side using a JQuery AJAX call. The server side function then checks the details and if valid will set a session cookie for the user.
The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?
The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.
The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.
Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?
The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.
The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.
Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
AJAXJavaScript
Last Comment
Dave Baldwin
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
A session cookie has to come from the server because that is where session data is stored. Thinking about it, you may simply be able to set the cookie in the response header that comes back to the AJAX routine. AJAX routines use standard HTTP headers in their requests and responses.
ASKER
OK this is probably just what I need to do. Do you know how this can be done please?
Are you talking about something other than the ASPSESSIONID.... cookie?
ASKER
No I mean the ASPSESSIONID.
Does this cover it?
http://stackoverflow.com/questions/12968611/jquery-ajax-reponse-set-cookie-header
Does this cover it?
http://stackoverflow.com/questions/12968611/jquery-ajax-reponse-set-cookie-header
No, that code won't help. ASPSESSIONID is what I was talking about. How are you checking in the browser after the page is loaded and the AJAX runs? My experience is that running any Classic ASP page sets the ASPSESSIONID cookie.
ASKER
The session ID is set by the callback handling function. But after it is successful I was hoping to simply read the session as Session("AccountID") but it is empty unless I refresh the page.
Where do you find Session("AccountID")? That looks like an ASP variable which isn't even present in the page in the browser.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks for this. I uploaded the demo page to here:
http://www.dressorganic.co.uk/sessioncookies/
I am not sure if it is a complete standalone test but I really don't understand how it works.
However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
http://www.dressorganic.co.uk/sessioncookies/
I am not sure if it is a complete standalone test but I really don't understand how it works.
However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
That just checks to see what cookies are currently set for that browser on that site. Open a new window in the same browser and run your sign-in page. After you do the login procedure without refreshing the sign-in in page, go back to the demo page and refresh it to see if the cookie is showing up there.
The only issue I can think of is that if I do set the session client side I will need to pass some IDs back to the server but for security I would have to hash the values rather than use database IDs.