Closed rsofaer closed 13 years ago
What do you see with document.cookie in JavaScript? web-socket-js internally calls document.cookie and send it, so it should be the same as document.cookie. Also, is your HTML file and WebSocketMain.swf in the same host? Otherwise it may cause some issue.
I actually looked into this some more, and it would be impossible to fix. Rack, and by extension Rails, marks its session cookie HttpOnly by default, which makes it so that the cookie can't be accessed through document.cookie in the browser. It's a security feature to make xss attacks less damaging. I've taken HttpOnly off of our session cookies, but it seems to be one or the other.
Oh I see. I didn't know that.
I'm having trouble trying to get web-socket-js to send my site's session cookie through to my server. It works in chrome, but with the flash fallback, it sends cookies I set through the javascript console, but not the session cookie. It seems to me that since some cookies are sent, it's not an 'origin' problem. Is there a way to send that session cookie as well?