gimite / web-socket-js

HTML5 Web Socket implementation powered by Flash
BSD 3-Clause "New" or "Revised" License

http-only cookies? #43

Closed rsofaer closed 13 years ago

rsofaer commented 13 years ago

I'm having trouble trying to get web-socket-js to send my site's session cookie through to my server. It works in Chrome, but with the Flash fallback, it sends cookies I set through the JavaScript console, but not the session cookie. It seems to me that since some cookies are sent, it's not an 'origin' problem. Is there a way to send that session cookie as well?

gimite commented 13 years ago

What do you see with document.cookie in JavaScript? web-socket-js internally calls document.cookie and sends it, so it should be the same as document.cookie. Also, are your HTML file and WebSocketMain.swf on the same host? Otherwise it may cause some issues.

rsofaer commented 13 years ago

I actually looked into this some more, and it would be impossible to fix. Rack, and by extension Rails, marks its session cookie HttpOnly by default, which makes it so that the cookie can't be accessed through document.cookie in the browser. It's a security feature to make XSS attacks less damaging. I've taken HttpOnly off of our session cookies, but it seems to be one or the other.
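
As an added example (not code from web-socket-js, Rack or Rails), the following Ruby models which cookies each transport can carry, given the Set-Cookie headers a server emitted. A native browser WebSocket handshake is assembled by the browser itself, so its Cookie header includes every cookie for the origin, HttpOnly or not. The Flash fallback builds its handshake from document.cookie, as gimite describes above, and document.cookie never exposes HttpOnly cookies, so the default Rack session cookie silently drops out. The Set-Cookie values, cookie names and session ID below are constructed sample data.

```ruby
# Added example: which cookies reach the server over each WebSocket transport.
# Not part of web-socket-js, Rack or Rails; the sample headers are constructed.

# Parse a single Set-Cookie header value into a small hash.
# Attribute names are case-insensitive per RFC 6265, so they are downcased.
def parse_set_cookie(header)
  parts = header.split(';').map(&:strip)
  name, value = parts.shift.split('=', 2)
  attrs = parts.map do |attr|
    key, val = attr.split('=', 2)
    [key.downcase, val.nil? ? true : val]   # bare flags like HttpOnly become true
  end.to_h
  {
    name: name,
    value: value,
    httponly: attrs.key?('httponly'),
    secure: attrs.key?('secure'),
  }
end

# Cookie header the browser's own WebSocket handshake sends: every cookie
# for the origin, because the browser (not page script) builds the request.
def native_ws_cookie_header(cookies)
  cookies.map { |c| "#{c[:name]}=#{c[:value]}" }.join('; ')
end

# What document.cookie returns to page script: HttpOnly cookies are omitted.
# web-socket-js reads this string and hands it to the Flash socket as the
# Cookie header, so this is also what the Flash fallback sends.
def document_cookie(cookies)
  cookies.reject { |c| c[:httponly] }
         .map { |c| "#{c[:name]}=#{c[:value]}" }
         .join('; ')
end

# Names of the cookies that a Flash-fallback handshake cannot carry.
def cookies_lost_in_flash_fallback(set_cookie_headers)
  cookies = set_cookie_headers.map { |h| parse_set_cookie(h) }
  cookies.select { |c| c[:httponly] }.map { |c| c[:name] }
end

# Constructed sample: Rack's default session cookie (HttpOnly) next to a
# cookie set from JavaScript, which has no HttpOnly flag. The session value
# is a made-up placeholder, not a real Rack session.
SAMPLE_SET_COOKIES = [
  'rack.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRkkiJWFi; path=/; HttpOnly',
  'theme=dark; path=/',
].freeze

if __FILE__ == $PROGRAM_NAME
  cookies = SAMPLE_SET_COOKIES.map { |h| parse_set_cookie(h) }
  puts "Native WebSocket sends : #{native_ws_cookie_header(cookies)}"
  puts "Flash fallback sends   : #{document_cookie(cookies)}"
  puts "Lost in fallback       : #{cookies_lost_in_flash_fallback(SAMPLE_SET_COOKIES).join(', ')}"
end
```

Running it shows the session cookie present in the native handshake and absent from the fallback's. Turning the flag off, as rsofaer did, is the `httponly: false` option on Rack::Session::Cookie (or on `config.session_store` in Rails); the cost is the one the HttpOnly attribute exists to prevent, since any script injected into the page can then read the session cookie with document.cookie.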

gimite commented 13 years ago

Oh I see. I didn't know that.