
I have an application running on Tomcat 7.0.27, which is on our organization's network, and a second application which is running on Amazon Web Services (which is nothing but Tomcat 7.0.42). The application that is running on Amazon is inside an iframe of the first application. The application running on Amazon is self-contained, i.e. all the files that it needs reside inside the same Tomcat container and it doesn't communicate with the first application. I see that the entire site works fine in Firefox and Chrome, but I am having problems in Safari. In Safari the launch of the second application is successful (which is nothing but a POST) but the subsequent request (which is a GET) fails. So in code, what we are doing is that after the POST we put a Java object in the session like this:

SessionData result = new SessionData(request,oauthCredentials);
request.getSession().setAttribute(SESSION_ATTR_TC_DATA, result);

So after the POST, the first request that comes in is a GET. When this request comes in, we try to get the Java object that we put in the session, like below.

SessionData result = (SessionData) request.getSession().getAttribute(SESSION_ATTR_TC_DATA);
request.setAttribute(SESSION_ATTR_TC_DATA, result);

But in Safari I see that the session ID (JSESSIONID) in the POST is different from that in the GET, and so SessionData=null. I see that the session ID is the same in the case of Firefox/Chrome.

I see that from a URL/IPAddress

http://one.roses.flowers.org/ #IpAddress=141.21.19.87
http://test-dev.elasticbeanstalk.com/ #IpAddress=64.261.831.97

I am not creating any sessions by writing the code. Tomcat is handling it.

But this whole thing works across all the browsers when the first Tomcat and the second Tomcat are running inside our organization's network. I see that from a URL/IPAddress

http://one.roses.flowers.org/ #IpAddress=141.21.19.87
http://five.oranges.flowers.org/ #IpAddress=141.21.19.88

Why would Safari behave differently in this case?

pushya
  • I expect it's related to Safari's cookie policy. http://stackoverflow.com/questions/10060820/does-the-technique-for-setting-third-party-cookies-in-iframes-in-safari-still-wo – Martin Wilson Jan 13 '14 at 20:35
  • @MartinWilson I am not setting any cookie exclusively as stated in that article. This whole thing works fine in Safari as well when both Tomcats are in our network infrastructure. I don't think the fact that you pointed out will be applicable in my case. What do you say? – pushya Jan 13 '14 at 20:53
  • @MartinWilson, so Safari is creating the cookie (JSESSIONID) during the POST/launch of the application. But somewhere this cookie is being lost and a new cookie is being created, and the previous session gets lost and my application content doesn't load completely. – pushya Jan 13 '14 at 20:56
  • Are you sure Tomcat is using different sessions for your POST and GET requests? Have you tried a debug statement outputting the session id in your server code (for the POST and GET)? There may be other reasons for SessionData=null. For example, what is populating oauthCredentials in your POST code? Could this be throwing an exception? Safari's cross-site security might be affecting this. – Martin Wilson Jan 14 '14 at 09:40
  • @MartinWilson I am sure that Tomcat is using different sessions for the POST and GET. I did put in the debug statement and saw it being different. oauthCredentials just holds static information that's pulled from a Properties file. That shouldn't be making SessionData=null. You may be correct, Safari cross-site security might be doing this. How should I prove this is the reason why it's not working? – pushya Jan 14 '14 at 17:58

1 Answer


What made it work in Safari was turning off the cookie restriction so that it accepts cookies from third parties. The same is true for IE as well. The default setting is not to accept third-party cookies. For FF/Chrome the default option is to accept third-party cookies.

I used the WebScarab tool to debug this issue.

The application that was inside the iframe was on Amazon Web Services, and its URL pattern was totally different from the originating site, so that made the browser think that these calls were made from/to some external site. So, based on the browser's cookie setting, the browser served up the application inside the iframe.

Also, the two URLs look like this to the browser.

http://one.roses.flowers.org/ 
http://test-dev.elasticbeanstalk.com/

We added an alias/CNAME to the project on the Amazon Web Services (AWS) server in the higher environments (QA/PROD), something like what is shown below. By adding the alias to the URL, the browser doesn't consider the URL as coming from a third party, as both have the same domain name. Now the solution is independent of the browser cookie settings.

http://test-dev.elasticbeanstalk.com/ ---> http://aws.newsite.flowers.org
pushya
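
An added example, not part of the original question or answer: a small JavaScript check that walks a request trace for the framed application, reports where an issued JSESSIONID did not come back on the next request, and says whether the frame is third-party to the top-level page. The two-entry suffix set, the /launch and /content paths and the session ID values are assumptions constructed for illustration; the host names are the ones from the post.

```javascript
// Added example with constructed data; not code from the original post.
// Assumption: this two-entry set stands in for the real Public Suffix List.
const SUFFIXES = new Set(["org", "com"]);

// Registrable domain (public suffix plus one label), e.g. "flowers.org".
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) return labels.slice(i - 1).join(".");
  }
  return null; // bare suffix, IP literal or unknown suffix
}

// True when the framed URL is cross-site relative to the top-level page.
function isThirdParty(topUrl, frameUrl) {
  const top = registrableDomain(new URL(topUrl).hostname);
  const frame = registrableDomain(new URL(frameUrl).hostname);
  return top === null || frame === null || top !== frame;
}

// Report each request that failed to return the JSESSIONID most recently
// issued by the server, i.e. the point where Tomcat starts a new session.
function findDroppedSessions(topUrl, trace) {
  const findings = [];
  let issued = null;
  for (const req of trace) {
    if (issued !== null && req.cookieSent !== issued) {
      findings.push({
        request: `${req.method} ${req.url}`,
        expected: issued,
        received: req.cookieSent,
        thirdParty: isThirdParty(topUrl, req.url),
      });
    }
    issued = req.setCookie ?? issued;
  }
  return findings;
}

const TOP = "http://one.roses.flowers.org/";
// Constructed traces: cookieSent / setCookie hold the JSESSIONID value or null.
const blockedTrace = [
  { method: "POST", url: "http://test-dev.elasticbeanstalk.com/launch", cookieSent: null, setCookie: "AAA111" },
  { method: "GET", url: "http://test-dev.elasticbeanstalk.com/content", cookieSent: null, setCookie: "BBB222" },
];
const aliasTrace = [
  { method: "POST", url: "http://aws.newsite.flowers.org/launch", cookieSent: null, setCookie: "CCC333" },
  { method: "GET", url: "http://aws.newsite.flowers.org/content", cookieSent: "CCC333", setCookie: null },
];
console.log(findDroppedSessions(TOP, blockedTrace), findDroppedSessions(TOP, aliasTrace));
```

A finding with thirdParty set to true matches the symptom in the question; the same trace captured behind the flowers.org alias produces no findings.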