ASP.NET Session Cookie Sharing Using a Java Applet

I have a Java applet that runs inside an authenticated aspx page. In the .NET 1.1 version of my site, the applet has access to the session file and can retrieve the file from the server, but in .NET 2.0 it is not authenticated.

I saw a couple of forum posts elsewhere stating that 2.0 sets cookies to HttpOnly by default, but the solutions you provided have not yet worked. I also read somewhere that 2.0 may vary based on user agent.

Does anyone have experience or understanding of this?

+3
4 answers

This question is old, but I thought it would be helpful to have the correct answer here.

Filip confuses server-side Java with client-side Java. He is right that you cannot share sessions between two server platforms, such as Java (J2EE) and ASP.Net, without using a custom approach.

However, applets are client-side and therefore must have access to session information on the main page. The problem is that ASP.Net 2.0 added the HttpOnly flag to the session cookies. This flag prevents JavaScript and Java applets from accessing these cookies.

The workaround is to disable the HttpOnly flag in session cookies. Although you can do this in the configuration in new versions of ASP.Net, in previous versions the solution was to add the following code to your Global.asax file:

protected void Application_EndRequest(object sender, EventArgs e)
{
    /**
    * @note Remove the HttpOnly attribute from session cookies, otherwise the 
    *      Java applet won't have access to the session. This solution taken
    *      from
    *      http://blogs.msdn.com/jorman/archive/2006/03/05/session-loss-after-migrating-to-asp-net-2-0.aspx
    *
    *      For more information on the HttpOnly attribute see:
    *
    *      http://msdn.microsoft.com/netframework/programming/breakingchanges/runtime/aspnet.aspx
    *      http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
    */
    if (Response.Cookies.Count > 0)
    {
        foreach (string lName in Response.Cookies.AllKeys)
        {
            if (lName == FormsAuthentication.FormsCookieName || 
                lName.ToLower() == "asp.net_sessionid")
            {
                Response.Cookies[lName].HttpOnly = false;
            }
        }
    }
}

, //Java cookie. , Firefox 4.0.1 Java 1.6.0_13 Windows XP.

, , , URL- ( URL- ) cookie, .

+5
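
An added example, not part of the original answer: a check that makes the effect of the workaround above visible by listing the session and forms-authentication cookies a response sends without HttpOnly, which are therefore readable by scripts and applets. The cookie names are the ASP.NET defaults (an assumption, since FormsCookieName is configurable), and the header lines are constructed samples.

```python
# Added example (not from the original answer): list the ASP.NET session and
# forms-auth cookies in a response that are sent without HttpOnly.

# Assumption: default ASP.NET cookie names. FormsCookieName is configurable,
# so pass your own set if the site overrides it.
SENSITIVE_NAMES = {"asp.net_sessionid", ".aspxauth"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def readable_by_script(set_cookie_headers, sensitive=SENSITIVE_NAMES):
    """Return names of sensitive cookies that lack the HttpOnly attribute."""
    exposed = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Only real attributes count; a cookie *value* of "HttpOnly" does not.
        if name.lower() in sensitive and "httponly" not in attrs:
            exposed.append(name)
    return exposed


# Constructed sample headers: ASP.NET 2.0 default behaviour.
DEFAULT_RESPONSE = [
    "ASP.NET_SessionId=constructedsessionvalue; path=/; HttpOnly",
    ".ASPXAUTH=CONSTRUCTEDTICKET; path=/; HttpOnly",
    "theme=dark; path=/",
]
# Constructed sample headers: after the Application_EndRequest workaround.
AFTER_WORKAROUND = [h.replace("; HttpOnly", "") for h in DEFAULT_RESPONSE]
# Constructed edge case: the flag text appears only as the cookie value.
VALUE_LOOKS_LIKE_FLAG = ["ASP.NET_SessionId=HttpOnly; path=/"]

if __name__ == "__main__":
    for label, headers in (("default", DEFAULT_RESPONSE),
                           ("workaround", AFTER_WORKAROUND),
                           ("edge case", VALUE_LOOKS_LIKE_FLAG)):
        print(label, readable_by_script(headers))
```
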

Filip , , Java ASP.NET. ASP.NET . , cookie . , . ( , !)

+1

Filip . , HTTP , Java ASP.NET - .

, . web.config .NET 2.0: <httpCookies httpOnlyCookies="false" />; .

Java, -.

0

I know this may be a very late answer, but I can give you a simpler solution:

- Usually, not always, applets use HTML and JavaScript for their interfaces and interaction.
- JavaScript runs in the browser.
- Ajax calls are made by the browser.
- Ajax calls are asynchronous and can be easily integrated into the applet logic.

You can find an elegant solution that combines Ajax calls into applet logic, delegating security to the browser.

0

Source: https://habr.com/ru/post/1698260/

