1

To better illustrate my problem, the question could be:

Can I initiate a session from a JSONP request?

In more detail: Suppose a JSONP request is made from my browser to myserver.com. Can myserver.com set cookies through the JSONP response, so that later on, when requests are again made to myserver.com (either directly when doc.host = myserver.com or indirectly through another JSONP request from an arbitrary doc.host) those cookies will be sent to it? Currently the browser seems to ignore the cookies I send with JSONP responses. Is what I want possible? What am I missing here?

EDIT: This is the request I do, by loading a local js file through a dummy local html that just fetches latest jquery and loads the js file:

$.ajax({
  url: "http://my-remote-server/jsonp/service/test",
  dataType: 'jsonp',
  data: {some: 'data'},
  success: function(responseData) {
    console.log(responseData);
  }
});

The response of the above JSONP request is setting a cookie. This is confirmed since Chrome reports it. Problem is that if I just re-execute the above a second time, the cookie previously set isn't sent back to the server.

EDIT 2: I went to Chrome cookie browser (in the under-the-hood page) and I can't find the cookie, although it is reported (debug console of Chrome) as received in the JSONP response. Which means that server sends it, browser sees it and then throws it away.

Paralife

2 Answers

3

I found the solution, and here is some info that might be interesting for anyone dealing with this problem:

From the Wikipedia definition:

Third-party cookies are cookies being set with different domains from the one shown on the address bar

If I am not wrong, this makes 99.99% of all JSONP set cookies third-party cookies. And in my case the address shown on the address bar is a file://, which makes my cookie a third-party one.

As soon as I enabled third party cookies it worked.

As a side note, Chrome by default does not support cookies on file:// pages and does not warn or notify about this. It has created some headaches. See here and here for the details.

Paralife
  • I was having this problem in Mobile Safari. Going to preferences and setting 'Accept Cookies' to 'Always' solved it. – schellsan Jul 31 '13 at 23:50
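
The diagnosis in the answer above can be confirmed from the server side. The following is an added example, not code from the original posts: handler logic for a JSONP endpoint that reports to the caller whether the cookie set by an earlier response came back. The cookie name `jsonp_probe`, the function names and the sample values are assumptions made for illustration.

```javascript
// Added example: JSONP probe that reports whether the browser returned the
// cookie set by a previous JSONP response. COOKIE_NAME, the response shape
// and the sample inputs below are assumptions, not taken from the page.
const COOKIE_NAME = 'jsonp_probe';

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Accept only plain (optionally dotted) identifiers as callback names, so the
// query string cannot inject script into the JavaScript response body.
function safeCallback(name) {
  return /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/.test(name || '') ? name : null;
}

// Build the JSONP response for one request. `secure` is true when the
// endpoint is served over HTTPS: SameSite=None (needed for cross-site sending
// in browsers that default to Lax) is only accepted together with Secure.
function jsonpProbe(callback, cookieHeader, secure) {
  const cb = safeCallback(callback);
  if (!cb) return { status: 400, headers: {}, body: 'invalid callback' };
  const returned = COOKIE_NAME in parseCookies(cookieHeader);
  const headers = {
    'Content-Type': 'application/javascript; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
  };
  if (!returned) {
    headers['Set-Cookie'] = `${COOKIE_NAME}=1; Path=/; HttpOnly` +
      (secure ? '; Secure; SameSite=None' : '');
  }
  const payload = JSON.stringify({ cookieReturned: returned });
  return { status: 200, headers, body: `${cb}(${payload});` };
}

// Constructed sample exchange: the first call carries no cookie; the second
// carries it only if the browser stored it despite its third-party policy.
const first = jsonpProbe('jQuery123_456', '', true);
const second = jsonpProbe('jQuery123_456', 'other=x; jsonp_probe=1', true);
console.log(first.headers['Set-Cookie'], first.body);
console.log(second.headers['Set-Cookie'], second.body);
```

If two consecutive JSONP calls from the same page both log `cookieReturned: false`, the browser discarded the cookie, which is the behaviour described for the file:// page with third-party cookies disabled.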
1

Yes. So can dynamic image requests and CSS requests etc. If it's an XHR request, you can even read the response headers (Set-Cookie et al).

How are cookies ignored now? How can you tell?

Rudie
  • I do a JSONP request, server sets cookie in the response, then I go to another browser window and go to the address directly, and the server doesn't get the cookie. I use Chrome and I see the cookie the server sets in the JSONP response, but the cookie is not sent to the server from the second direct request. The first request (JSONP) is done using latest jquery .ajax funcall. The second is just input in the browser window. Maybe I don't see something. – Paralife May 26 '12 at 10:03
  • If it's JSONP, it's included as a JS file, right? (Not XHR?) So you can inspect the request and response headers. It works for me. Page A sends JS(ONP) request to script B, which responds with JSONP + Set-cookie, if I reload page A the cookie is sent to the server. That's how cookies (should) work... Inspect the response to see if the cookie is actually set. Start with a new session (use incognito mode). – Rudie May 26 '12 at 10:19
  • Actually, it is a local file named test.html, with only content the test.js script in the head tag (and the latest jquery). In this test.js file I have a function which makes a JSONP request to my remote server. I can see in the Chrome console the response cookie. But it is not sent if I do the request again. – Paralife May 26 '12 at 10:24
  • I also see in the server debugging that the server every time receives no cookie, although it sends it in the request. It is definitely not server related. (The cookie reaches the client because Chrome reports it. It just doesn't send it back, even if I repeat the exact same request.) – Paralife May 26 '12 at 10:27