: Cookie not being sent when requesting JS I host a webservice, and provide my members with a Javascript bookmarklet, which loads a JS sript from my server. However, clients must be logged in,
I host a webservice, and provide my members with a Javascript bookmarklet, which loads a JS sript from my server. However, clients must be logged in, in order to receive the JS script. This works for almost everybody. However, some users on setups (i.e. browser/OS) that are known to work for other people have the following problem: when they request the script via the javascript bookmarklet from my server, their cookie from my server does not get included with the request, and as such they are always "not authenticated".
I'm making the request in the following way:
var myScript = eltCreate('script');
myScript.setAttribute('src','http://myserver.com/script');
document.body.appendChild(myScript);
In a fit of confused desperation, I changed the script page to simply output "My cookie has [x] elements" where [x] is count($_COOKIE). If this extremely small subset of users requests the script via the normal method, the message reads "My cookie has 0 elements". When they access the URL directly in their browser, the message reads "My cookie has 7 elements".
What on earth could be going on?!
More posts by @Kaufman445
3 Comments
Sorted by latest first Latest Oldest Best
Just a guess:
May it have to do with (dis)allowing third party cookies? It’s a setting in many browsers.
Your cookie would probably count as third party, as the bookmarklet is hosted locally, not at your host.
EDIT: Ah, found your question on SO. So my assumption seems to be correct.
Browser access is different from embedding a script.
Cookies are sent along with HTTP Request. Browsers does that automatically when you click or type an address on them, embedding script usually does not.
I think you can look at Delicious Link Rolls solution provided by yahoo to get a better idea. Also, study that using Firefox + Firebug + Firecookie, and check into Network tab the request headers that pump up.
I think that a proxy or the ISP filters those cookies from scripts out. Mobile ISPs are known to do such nasty things, like Vodafone, which e.g. puts every script and CSS into the HTML page as inline <script ...> or <style ...>.
I would ask by the clients what kind of internet access they have, and to send you a saved copy of the HTML-page, which they get, when they access your site.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.