NetTalk Central

Author Topic: AJAX needs SESSIONID Cookie but it isn't send by the browser  (Read 3074 times)

patrick de laet

  • Newbie
  • *
  • Posts: 35
    • View Profile
    • ShopPlus
    • Email
AJAX needs SESSIONID Cookie but it isn't send by the browser
« on: December 31, 2011, 06:45:51 AM »
Another problem with Cookies.
I use a lot of AJAX POSTs.
In the ProcessRequest method, it is stated that AJAX needs a Cookie . . .
  ! Ajax requests must have a session ID set in a cookie, otherwise nothing is returned
  ! This is to prevent Javascript hacking as per http://www.fortifysoftware.com/advisory.jsp
  ! NOTE: NetTalk uses Rico which is not vunerable to Javascript Hacking, but
  If self.RequestAjax = 1 and self.SessionID = 0
    ! ignore ajax requests that do not include a SessionID in the cookie.
    return
  End


However, according to Wikepedia, Cookies are only be sent back to the server for the given domain and path.

When I enter my site via www.xprodin.be - a Cookie is created with path=/.
However, as I have 10000 SEO friendly pages (eg: www.xprodin.be/ladies/trousers/product1) Google has picked them up very nicely.
When I do a search in Google for "xprodin ladies trousers" it shows my page.
However, clicking to the Google URL for my page, brings me directly to www.xprodin.be/ladies/trousers/product1.
As this is the first visit to www.xprodin.be, a SetCookie is done for my new SESSIONID, BUT IN THE PATH=/ladies/trousers/.
That's why I have 5,6,7, ... SESSIONID Cookies.

However, when I go to my order page, www.xprodin.be/order and start an AJAX order request; my SESSIONID is not send to the server because of a different Cookie path.
No Cookie ==> AJAX does nothing. So my shopping cart doesn't work.
When I enter my site via www.xprodin.be - a cookie is created in the Path=/ - the same path as my order page ==> hence the SESSION ID cookie is send with the AJAX call and everything works.

My question: who is adding the page=/xxx/yyy stuff when creating my SESSIONID cookie? If all of my 10000 pages created a single cookie with path=/ - this would solve my problem.
But I can't find where to change this.

Maybe this behaviour has to do with my previous thread where SetCookie has 7 parameters in the prototype but use 8 parameters in the code?

regards

Patrick De Laet


terryd

  • Hero Member
  • *****
  • Posts: 759
    • View Profile
    • Davcomm
    • Email
Re: AJAX needs SESSIONID Cookie but it isn't send by the browser
« Reply #1 on: January 01, 2012, 01:59:41 AM »
Hi Ptarick
I'm talking from a position of ignorance as far as the javascript side of Nettalk is concerned but wasn't Rico used in Nettalk4 and replaced in 5 and 6 by Jquery?
Terry Davidson
Windows 10 64 bit/Windows7 64bit
Clarion 9.1.11529/Clarion10 12567
Nettalk 913
Nettalk 1015
StringTheory267/Winevent515/XFiles298/MessageBox239/Cryptonite186