
I'm deploying an application in Google App Engine and I'm also using the Cloud Endpoint feature for REST calls.

I use a custom domain to point to my application. As you probably know, Endpoint doesn't support custom domains. So my situation is this:

  1. I open the page http://www.example.org
  2. I do an ajax request to an Endpoint like https://my-example.appspot.com/_ah/api/service

Now the problem is: every time I do an ajax request to an Endpoint, a new Session is created!! How can I keep the session between requests? I inspected the responses from Endpoint, and I didn't find any reference to a session cookie...

UPDATE 1

For the Ajax call I'm using JQuery.

```javascript
$.post('_ah/api/user/v1/login', function() {
  console.log('logged');
});
```

I have now added this to set the withCredentials field.

```javascript
$(document).ajaxSend(function(elm, xhr, s) {
    xhr.withCredentials = true;
});
```

UPDATE 2

This is my request and the server response headers

Request

Accept:*/*
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://www.example.org
Referer:http://www.example.org/game.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
X-CSRFToken:xkNZPouvfl2mRT0IKFZNB2xJpffaaK3UuYhhg5eoeRAiMqxaoQ14q93cv2xeRnYP

Response

access-control-allow-credentials:true
access-control-allow-origin:http://www.example.org
access-control-expose-headers:Content-Encoding,Content-Length,Content-Type,Date,Server
alternate-protocol:443:quic,p=1
cache-control:private, max-age=0
content-encoding:gzip
content-length:165
content-type:application/json; charset=UTF-8
date:Sun, 19 Apr 2015 12:40:49 GMT
expires:Sun, 19 Apr 2015 12:40:49 GMT
server:GSE
status:200
version:HTTP/1.1
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block
simonelucidi87
  • Could you add the js code doing the request and the requests/responses HTTP headers? It looks like a missing `Access-Control-Allow-Credentials` / `xhr.withCredentials = true`. – David Duponchel Apr 19 '15 at 11:59
  • Thank you for the reply David! I'm doing a normal ajax call with JQuery. Here's the code: `$.post('_ah/api/user/v1/login', function() {console.log('logged');});` I have now added this... is it right? `$(document).ajaxSend(function(elm, xhr, s) { xhr.withCredentials = true; });` – simonelucidi87 Apr 19 '15 at 12:18
  • Only an idea: is it possible it happens because of load balancing of Google's servers in some way? Maybe because your server code delivers the client code from another instance, which tells your browser it is new, so it gets a new session. It is only an idea. Let me know whether it is - would be funny to know. – Danny Apr 19 '15 at 12:22
  • Could you add the requests / responses HTTP headers where the server should reuse a session? If it's an issue with the credentials, the browser won't send the cookie header. If it's a load balancer issue like @Danny suggested, we will see the cookies in the request. Also check that the endpoint doesn't use `Access-Control-Max-Age` (or has a negative value) for your test: it will become harder to find the cause of your issue if we struggle with the browser cache :-) – David Duponchel Apr 19 '15 at 12:55
  • I updated my answer with the headers. The Endpoint server doesn't seem to set any cookie session. If I use CORS, I force the client to send to the Endpoint the same session cookie of www.example.org? As said by Danny, I don't know if we are facing a technological limit of Google App Engine :( – simonelucidi87 Apr 19 '15 at 13:42
  • When a server sets a cookie, it is only valid for its domain. When you call www.example.org, your browser will send www.example.org's cookies. When you call my-example.appspot.com with ajax, your browser will send (if allow-credentials / withCredentials is here) my-example.appspot.com's cookies. You cannot automatically send the cookies from one domain to another (but you can pass them as query parameters for example). After a search here on `[google-cloud-endpoints] session`, what you want seems possible but may require reading/setting cookies manually. – David Duponchel Apr 19 '15 at 17:09
  • Questions about sessions and GAE endpoints get asked a lot here. Perhaps take a look at http://stackoverflow.com/questions/15522255/sessions-with-google-cloud-endpoints. – Adam Apr 19 '15 at 22:59

0 Answers
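The checks walked through in the comments above (credentialed CORS headers, whether a cookie was sent or set, and cookie domain scoping), as an added example that is not part of the original thread. The function names and finding labels are hypothetical, and the sample headers are constructed by trimming the capture in the question.

```javascript
'use strict';
// Constructed samples, trimmed from the headers captured in the question.
const SAMPLE_REQ = [
  'Accept:*/*',
  'Origin:http://www.example.org',
  'Referer:http://www.example.org/game.html',
].join('\n');
const SAMPLE_RES = [
  'access-control-allow-credentials:true',
  'access-control-allow-origin:http://www.example.org',
  'content-type:application/json; charset=UTF-8',
].join('\n');

// Parse "name:value" lines into a map keyed by lower-cased header name.
function parseHeaders(text) {
  const map = {};
  for (const line of text.split('\n')) {
    const i = line.indexOf(':');
    if (i > 0) map[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return map;
}

// RFC 6265 domain-match: a cookie goes only to its own host or a subdomain of it.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// Report why a session is not carried across a cross-origin ajax call.
function diagnose(reqText, resText, pageCookieDomain, apiHost) {
  const req = parseHeaders(reqText);
  const res = parseHeaders(resText);
  const findings = [];
  // Credentialed CORS needs the exact origin (never "*") plus allow-credentials: true.
  const corsOk = res['access-control-allow-origin'] === req['origin'] &&
                 res['access-control-allow-credentials'] === 'true';
  findings.push(corsOk ? 'cors-credentials-ok' : 'cors-credentials-blocked');
  if (!('cookie' in req)) findings.push('no-cookie-sent');
  if (!('set-cookie' in res)) findings.push('no-set-cookie-in-response');
  // The page's session cookie is scoped to the page's domain, not the API host.
  if (!domainMatches(apiHost, pageCookieDomain)) findings.push('page-cookie-out-of-scope');
  return findings;
}
```

For the capture in the question, the CORS headers pass, so the remaining findings point at cookie scoping rather than at the credentials setup.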