Re: [Cppcms-users] The role of cookie path
From: CN <cn...@fa...> - 2016-07-10 05:37:16
On Sun, Jul 10, 2016, at 02:23 AM, Artyom Beilis wrote:
> Session values are not stored in various cookies but rather in the
> single session cookie defined by prefix.
>
> Note: you can expose values from server side to client using
> session().expose feature and the value will be transferred
> to the client but the session would never use it as it isn't secure
> only the data stored within CppCMS session/and its cookie
> will be used regardless the other cookies defined.
>
> session().is_set(...) looks into the session not the various cookies.

Many thanks for the explanation!

I am still stuck on the original problem. It happens in the following order:

- I manually navigate the browser to URL "http://localhost/normal".

- Browser sends over all cookies to the server.

- Server receives the request and recognizes all cookies encrypted in prefix:

  session().is_set("my_cookie");

  returns true

  (So far so good. As everyone else has already experienced - the server has correctly processed such requests countless times without problem.)

- Server responds with the page.

- Client gets the page from "http://localhost/normal".

- I manually manipulate the page through the browser and cause this javascript to be called:

  window.location.replace("http://localhost/special");

  (I do this in order to download a static file from "http://localhost/special" without navigating away from the current page.)

- Server receives the request for "http://localhost/special" along with the cookie encrypted in prefix, the same as the one it was sent for page "http://localhost/normal". However,

  session().is_set("my_cookie");

  returns false this time!

I cannot figure out why the server recognizes all the sent-in cookies when it is requested for "http://localhost/normal", but it denies all the sent-in cookies when it is requested for "http://localhost/special" by the client javascript call window.location.replace().

Any idea? Please!

Best Regards,
CN

--
http://www.fastmail.com - mmm... Fastmail...
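Added example, not part of the original message and not CppCMS code: a simplified Python model of the behaviour described in the quoted reply, where every session value lives in one integrity-protected session cookie and exposed copies sent to the client are never read back. The secret, the cookie prefix, the exposed-cookie naming and the HMAC format are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed value, not a real key
PREFIX = "cppcms_session"         # assumed session cookie name (the "prefix")


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def save_session(values, exposed=()):
    """Build the cookies a response would set for this session."""
    blob = json.dumps(values, sort_keys=True).encode()
    payload = base64.urlsafe_b64encode(blob).decode()
    cookies = {PREFIX: payload + "." + _sign(payload)}
    for key in exposed:
        # Exposed copy for client-side use only (assumed naming scheme).
        cookies[PREFIX + "_" + key] = str(values[key])
    return cookies


def load_session(cookies):
    """Rebuild session state from the session cookie alone."""
    payload, _, mac = cookies.get(PREFIX, "").rpartition(".")
    if not payload:
        return {}  # session cookie absent from this request
    if not hmac.compare_digest(_sign(payload).encode(), mac.encode()):
        return {}  # integrity check failed: treat as no session
    return json.loads(base64.urlsafe_b64decode(payload))


def is_set(cookies, key):
    # Looks into the session, never into the other cookies of the request.
    return key in load_session(cookies)


if __name__ == "__main__":
    jar = save_session({"my_cookie": "1", "theme": "dark"}, exposed=["theme"])
    print(is_set(jar, "my_cookie"))
    jar[PREFIX + "_theme"] = "light"      # client edits the exposed copy
    print(load_session(jar)["theme"])     # server-side value is unchanged
    del jar[PREFIX]                       # request arrives without session cookie
    print(is_set(jar, "theme"))
```

In this model, `is_set` returns false whenever the session cookie itself is missing or fails verification, no matter which other cookies accompany the request.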