-
May 15th, 2014, 09:00 AM
#1
Sending authenticated sessionID cookie from browser to notifyUser
Hi,
I am currently implementing authentication for my lightstreamer instance.
notifyUser is being called with a request, for example:
{ id: 'd100000145fea61d8d',
verb: 'notifyUser',
userName: 'some',
userPassword: 'thing',
headers:
{ 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
'cache-control': 'no-cache',
connection: 'keep-alive',
host: 'localhost',
'accept-language': 'en-US,en;q=0.5',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'content-length': '218',
origin: 'https://localhost:4433',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0',
'accept-encoding': 'gzip, deflate',
referer: 'https://localhost:4433/view1',
pragma: 'no-cache',
REQUEST_ID: '277' } }
I understand that this is triggered by the client.connect() which is executed on the client from within the webpage that has been served my server.
In order to proceed with the authentication inside notifyUser I need access to the sessionID that has been set by the server in the form of a cookie. This cookie is currently specified as httpOnly so that the browser does not allow programmatic access to it. What I would like is recommendations for the best/most secure approach to handle the authentication in this manner. Specifically I need access to this sessionId inside the notifyUser method so that I can authenticate effectively and return from the function.
Maybe there is also some consideration relating to the withCredentials parameter that is typically set when making https requests. However as the https request to start the session is made from within the lightstreamer library itself I do not know any way to set this field.
Advice would be much appreciated.
Thank you.
Similar Threads
-
By milad.j in forum Adapter SDKs
Replies: 1
Last Post: November 4th, 2013, 09:23 AM
-
By cwt237 in forum Client SDKs
Replies: 6
Last Post: September 19th, 2013, 01:05 PM
-
By gal_nitzan in forum Adapter SDKs
Replies: 1
Last Post: February 12th, 2013, 09:16 PM
-
By eoinoc in forum Client SDKs
Replies: 1
Last Post: October 15th, 2012, 09:21 AM
-
By brianjohnson in forum Adapter SDKs
Replies: 2
Last Post: April 5th, 2010, 12:02 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
All times are GMT +1. The time now is 10:08 PM.
Bookmarks