locked
Where can I find cookie which I got from the server?

    Question

  • return new WinJS.Promise(function (complete, error,  progress) {                
    WinJS.xhr({                   
         type: 'POST',                    
         url: url_login,                    
         headers: null,                    
         data: data                
    }).then(function (response) {                    
    var xMachine = response.getResponseHeader("X-MACHINE");                    
    var setCookie = response.getResponseHeader("Set-Cookie");                    
    var allcokie = response.getAllResponseHeaders(); 
                                                     });            
    });


    This is the code which I use. I tested the server with the FireFox and FireBug, so cookie is definitely sent to me. However, I can't find it within response!
    Moreover, I found on the internet that cookies are removed by default from the headers. I would say fine if that cookie is saved by default somewhere else, but when I check documents.cookies looks like it's always null!

    Simple question: Where can I found cookie which I got from the server?  (I need it because later on I have to pass it to the server)


    Thanks for all help!
    Mantas


    • Edited by Mantelis Thursday, September 13, 2012 1:50 PM
    Monday, September 10, 2012 7:36 PM

Answers

  • HI

    Usually session cookies are http only cookies, which cannot be obtained via JavaScript, even inside a browser application. In a browser application, the browser will automatically send the cookie to the server in every web request, so you don't need to worry about it.

    But Windows Store applications are not browser applications. They're client applications. Usually client applications use tokens rather than session. You don't establish a stateful connection between client and server. Instead, after the use is authentication, a unique token is generated. The token is sent in every subsquent requests (in the Authorization header, using a query string, or something else). The token should uniquely identify the user, and it should be extremely difficult for anyone other then the server to generate such a token. So standards like OAuth are often used. Of course you can use your own token format if you can make sure it is secure. If security is not a major concern, a simple token will be fine. For example, a lot of online REST services require you to send a simple secret key in each request. You can take the same approach.

    Windows 8 allows you to use WebAuthenticationBroker to build a token centric authentication scheme. Please refer to http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.authentication.web.webauthenticationbroker.aspx for more information.

    • Marked as answer by Dino He Monday, September 24, 2012 2:18 AM
    Friday, September 14, 2012 4:44 AM

All replies

  • Hi

    May I know why you want to use cookie in Windows 8 app?

    By my understanding, Windows 8 app is client app, they don't need cookie, and it has limited access to the file system.

    That means it's hard to get cookie in your temp folder.

    If you want to store some thing you can refer to :

    Accessing app data with the Windows Runtime (Windows Store apps)

    Hope it helpful.

    Tuesday, September 11, 2012 4:29 AM
  • Thanks for reply. I don't need to store cookie, but I need to be able to read it at least from response. What for? Simple: Session ID. I'm getting it as a cookie and I have to pass it later on to be able to get right content for the user.  As I understood cookies are removed from the header, but saved somewhere. 

    Anyone know where and how to access it? Or maybe exist workaround for reading cookies from response?



    P.S. It's a bit stupid that MS removes cookies from the Header and limits my actions like this...



    Regards,

    Mantas



    • Edited by Mantelis Tuesday, September 11, 2012 11:21 AM
    Tuesday, September 11, 2012 11:09 AM
  • Bump  :)
    • Edited by Mantelis Thursday, September 13, 2012 11:23 AM
    Tuesday, September 11, 2012 11:00 PM
  • HI

    Usually session cookies are http only cookies, which cannot be obtained via JavaScript, even inside a browser application. In a browser application, the browser will automatically send the cookie to the server in every web request, so you don't need to worry about it.

    But Windows Store applications are not browser applications. They're client applications. Usually client applications use tokens rather than session. You don't establish a stateful connection between client and server. Instead, after the use is authentication, a unique token is generated. The token is sent in every subsquent requests (in the Authorization header, using a query string, or something else). The token should uniquely identify the user, and it should be extremely difficult for anyone other then the server to generate such a token. So standards like OAuth are often used. Of course you can use your own token format if you can make sure it is secure. If security is not a major concern, a simple token will be fine. For example, a lot of online REST services require you to send a simple secret key in each request. You can take the same approach.

    Windows 8 allows you to use WebAuthenticationBroker to build a token centric authentication scheme. Please refer to http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.authentication.web.webauthenticationbroker.aspx for more information.

    • Marked as answer by Dino He Monday, September 24, 2012 2:18 AM
    Friday, September 14, 2012 4:44 AM