View Full Version : Cross Domain Session Managment

20 Nov 2012, 1:18 AM

I'm building a client-side solution that consumes a remote .NET web service, Here is the problem

1- The user makes a Log in request with a username and password ( done using Ext.Ajax.request )
2- The server responses with a JSON message saying that log in successful, also it responds with a cookie variable
ASP.NET_SessionId : "blahblahblahblah"

3- The user requests for some data using some web service method
e.g. getDepartmenttEmployeeList(DepId)

4- But the server responses with 200 OK and a JSON message telling that an "AuthenticationError" has happened and "Another user with the same credentials kicked you out."

Now the problem is:
When I check the request headers in the second request, I see that the browser didn't add the cookie that was previously sent by the web service, So I don't know exactly How the web service would know that I am the user who just logged in
How can I force all requests ( after log in success) to be in the same session, should I send back the ASP.NET_SessionId cookie? How can I send it? Is there another way?

Note: All requests is done after enabling CORS in Ext.Ajax in ( e.g. "Ext.Ajax.cors = true" )

Thanks in advance

20 Nov 2012, 8:20 AM
Any Suggestions?

19 Dec 2012, 2:21 AM
I am having the exact same problem. I have been using Sencha 2.0.1 ... but now moving to 2.1 as it allowes withCredential config in proxy which according to sencha lets you set the cookie.

BUT , question to all Sencha pros, I still havent got any confirmation from anyone that even with the 'withCredential' config turned on, subsequent ajax request sends that cookie out so that server can recognize session.

This is a serious issue as to application level security. I am amazed to see so little clarification through out the internet regarding this issue.

mitchellsimoens (http://www.sencha.com/forum/member.php?22216-mitchellsimoens) I believe you r pro, please do investigate the issue and tell what is the solution