Because HTTP is stateless, each request to the server is seen as an independent visit by an anonymous client. Cookies are used to maintain session state by uniquely identifying clients between requests. Servers can then use the session to save application data, track users, deliver personalized information, etc. Cookies are received by HTTP servers through the Cookie request header and set using the Set-Cookie response header.
For security reasons, only cookies for a requested domain are sent up to the server. A great reference for cookie information is the Unofficial Cookie FAQ at cookiecentral.com.
The OpenLaszlo Server proxies client request headers and backend server response headers. Because clients always talk to the OpenLaszlo Server, only headers for the OpenLaszlo Server's domain will be sent. If an application makes a request to a backend server whose domain differs from the OpenLaszlo Server's domain, incorrect headers will be forwarded.
For example, assume your OpenLaszlo Server is hosted in the myhost.com domain. If your application makes a request to a server that lives in myhost.com, then the right headers will be sent. If the server is hosted in anotherhost.com, then the client's myhost.com headers will be incorrectly proxied.
As previously mentioned, all HTTP data requests have to go through the OpenLaszlo Server. When the server receives a request, it proxies the request headers (like the Cookie header, if found) and makes a request to the destination server on behalf of the application. When the backend data is returned, the server proxies the response headers (like the Set-Cookie header, if found) and compiles the XML into bytecode. Once the bytecode is ready, it is sent down to the application.
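A proxy-side guard for the cross-domain case described above, as an added example that is not OpenLaszlo code: before copying the client's Cookie header onto a backend request, compare the backend host with the proxy's own domain using RFC 6265-style domain matching. The class and method names are hypothetical and the URLs are constructed samples.

```java
import java.net.URI;
import java.util.Locale;

// Added example; class and method names are hypothetical, not OpenLaszlo APIs.
public class CookieForwardGuard {

    // RFC 6265 style match: host equals the domain, or ends with "." + domain.
    static boolean domainMatches(String host, String domain) {
        if (host == null || domain == null) return false;
        String h = host.toLowerCase(Locale.ROOT);
        String d = domain.toLowerCase(Locale.ROOT);
        if (d.startsWith(".")) d = d.substring(1);
        if (d.isEmpty()) return false;
        if (h.equals(d)) return true;
        // Suffix matching applies to host names only, never to IP literals.
        boolean ipLiteral = h.matches("[0-9.]+") || h.contains(":");
        return !ipLiteral && h.endsWith("." + d);
    }

    // Decide whether the client's Cookie header may be copied onto the backend request.
    static boolean mayForwardCookies(String backendUrl, String proxyDomain) {
        try {
            String host = URI.create(backendUrl).getHost();
            return domainMatches(host, proxyDomain);
        } catch (IllegalArgumentException e) {
            return false; // unparsable URL: do not forward
        }
    }

    public static void main(String[] args) {
        String proxyDomain = "myhost.com"; // domain used in the page's example
        String[] backends = {              // constructed sample URLs
            "http://myhost.com/cookie.jsp",
            "http://auth.myhost.com/login",
            "http://anotherhost.com/data.xml",
            "http://notmyhost.com/data.xml",
            "http://myhost.com.anotherhost.com/x"
        };
        for (String url : backends) {
            String verdict = mayForwardCookies(url, proxyDomain) ? "forward " : "strip   ";
            System.out.println(verdict + url);
        }
    }
}
```

Only the first two URLs are in the myhost.com domain; the last two show why a plain substring or suffix test without the leading dot is not enough.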
Things to keep in mind when building sessioned OpenLaszlo apps:
Make sure your authentication server's host has the same domain as your OpenLaszlo Server
Because your OpenLaszlo application lives in the Flash runtime, there's no way to directly access your browser's cookies. A trick you can use is to make a data request to a JSP (or server) that responds with the cookie embedded in the body of the response. See the next section for an example of how to do this.
This section demonstrates how an OpenLaszlo application can get at its cookie by calling a JSP. The JSP will parse and display the cookie value from the application and return the data to the application as XML. The application will then display the information using a text datapath.
<canvas width="500" height="200">
    <dataset name="request" type="http" src="cookie.jsp" request="true" />
    <view x="20" y="20" layout="spacing: 5" >
        <text><b>cookie: </b></text>
        <text resize="true" selectable="true" multiline="true" width="450"
              datapath="request:/cookie[1]/text()" />
    </view>
</canvas>
The LZX expects the format of the returned XML to look like:
<cookie>COOKIE</cookie>
Copy the LZX code and save it in a file called cookie.lzx. Make sure you can access this file using your OpenLaszlo Server. Before you run it, you'll need to create the JSP.
Take the following JSP code and drop it in a web application directory that you can access by URL. Make sure the LZX code's dataset is pointing to this URL, that is, replace the src value with your URL.
Example 44.1. jsp code for generating cookie
<%@ page import="java.util.*" %>
<% response.setHeader("Content-Type","text/xml"); %>
<cookie>
<%
    Enumeration headers = request.getHeaderNames();
    if (headers != null) {
        while (headers.hasMoreElements()) {
            String h = (String)headers.nextElement();
            if (h.equalsIgnoreCase("Cookie")) {
                out.println(request.getHeader(h));
                break;
            }
        }
    }
%>
</cookie>
The following example shows an LZX program that uses a JavaServer Page (JSP) to set and store a cookie. (The JSP program is shown below.)
Example 44.2. Combobox that creates a cookie
<canvas width="100%" height="100">

    <!-- dataset to set cookie with -->
    <dataset name="dsSetCookie" type="http" src="resources/cookie.jsp"/>

    <!-- restore the previously selected item at startup -->
    <dataset name="dsGetCookie" type="http" src="resources/cookie.jsp"
             querystring="name=mycookie&amp;op=get" request="true"/>

    <datapointer name="dpCookie" xpath="dsGetCookie:/info[1]/data[1]/item[1]/text()">
        <handler name="ondata" args="d">
            if (d != '') cbox1.selectItem(d);
        </handler>
    </datapointer>

    <!-- combobox items -->
    <dataset name="items">
        <item value="item1">item one</item>
        <item value="item2">item two</item>
        <item value="item3">item three</item>
        <item value="item4">item four</item>
    </dataset>

    <combobox id="cbox1" x="20" y="20" width="130" defaulttext="choose one...">
        <textlistitem datapath="items:/item/" text="$path{'text()'}" value="$path{'@value'}">
            <!-- when item is selected, save choice in cookie by calling JSP -->
            <handler name="onclick"><![CDATA[
                dsSetCookie.setAttribute("querystring", "name=mycookie&op=set&item=" + this.value);
                dsSetCookie.doRequest();
            ]]>
            </handler>
        </textlistitem>
    </combobox>
</canvas>
<!-- * X_LZ_COPYRIGHT_BEGIN ***************************************************
* Copyright 2007, 2008 Laszlo Systems, Inc. All Rights Reserved. *
* Use is subject to license terms. *
* X_LZ_COPYRIGHT_END ****************************************************** -->
Example 44.3. cookie.jsp
<%@ page import="java.util.*,java.io.*" contentType="text/xml" %>
<info>
<%!
    /**
     * Get cookie to store information.
     * @param name: name of cookie
     * @param cookies: client cookies
     */
    Cookie getCookie(String name, Cookie[] cookies) {
        if (cookies != null) {
            for (int i=0; i < cookies.length; i++) {
                Cookie cookie = cookies[i];
                if (cookie.getName().equals(name)) {
                    return cookie;
                }
            }
        }
        return new Cookie(name, "");
    }

    void showCookie(JspWriter out, Cookie cookie) throws IOException {
        out.println("<success/>");
        out.print("<data>");
        Map map = getCookieValues(cookie);
        Iterator iter = map.entrySet().iterator();
        while (iter.hasNext()) {
            Map.Entry e = (Map.Entry)iter.next();
            String k = (String)e.getKey();
            out.println("<" + k + ">" + (String)e.getValue() + "</" + k + ">\n");
        }
        out.println("</data>");
    }

    Map getCookieValues(Cookie cookie) throws IOException{
        // saved as key1=val1&key2=val2&...
        String str = cookie.getValue();
        StringTokenizer st = new StringTokenizer(cookie.getValue(), "&");
        Map map = new HashMap();
        while (st.hasMoreTokens()) {
            String pair = st.nextToken();
            int index = pair.indexOf('=');
            if (index == -1 || index == 0) continue;
            String k = pair.substring(0, index);
            String v = pair.substring(index+1);
            map.put(k, v);
        }
        return map;
    }

    /**
     * Copy parameter key/value pairs into cookie. Skips "op" and "name" parameters.
     */
    void setValues(JspWriter out, Cookie cookie, Map params) throws IOException{
        Iterator iter = params.entrySet().iterator();
        Map cookieValues = getCookieValues(cookie);
        while (iter.hasNext()) {
            Map.Entry e = (Map.Entry)iter.next();
            String k = (String)e.getKey();
            // skip op and name
            if (k.equals("op") || k.equals("name")) continue;
            String[] values = (String[])e.getValue();
            cookieValues.put(k, values[0]);
        }
        String newvalue = "";
        iter = cookieValues.entrySet().iterator();
        while (iter.hasNext()) {
            Map.Entry e = (Map.Entry)iter.next();
            String k = (String)e.getKey();
            String v = (String)e.getValue();
            newvalue += k + "=" + v + "&";
        }
        cookie.setValue(newvalue);
    }
%>
<%
    // operation
    String op = request.getParameter("op");
    if ( op == null || op.equals("") ) {
        out.println("<status>error</status>\n<message>op: null or empty</message>\n");
        out.println("</info>");
        return;
    }

    // name of cookie
    String name = request.getParameter("name");
    if (name == null || name.equals("") ) {
        out.println("<status>error</status>\n<message>name: null or empty</message>\n");
        out.println("</info>");
        return;
    }

    Cookie cookie = getCookie(name, request.getCookies());
    if ( op.equals("get") ) {
        showCookie(out, cookie);
    } else if ( op.equals("set") ) {
        setValues(out, cookie, request.getParameterMap());
        response.addCookie(cookie);
        showCookie(out, cookie);
    } else {
        out.println("<status>error</status>\n<message>no such op: " + op + "</message>\n");
    }
%>
</info>
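In cookie.jsp, showCookie writes each cookie key as an element name and each value as element text without escaping, so a key or value containing markup characters changes or breaks the XML the datapointer receives. The same parse-and-render step with key validation and value escaping, as an added example that is not part of the OpenLaszlo distribution; the class and method names are hypothetical and the sample cookie value is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;

// Added example; names are hypothetical, not part of cookie.jsp.
public class SafeCookieXml {
    // Conservative subset of XML names: ASCII letter or '_', then letters, digits, '_', '.', '-'.
    private static final Pattern KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_.-]{0,31}");

    // Parse "key1=val1&key2=val2&..." as cookie.jsp does, dropping pairs
    // whose key would not be a safe element name.
    static Map<String, String> parse(String cookieValue) {
        Map<String, String> map = new LinkedHashMap<>();
        if (cookieValue == null) return map;
        StringTokenizer st = new StringTokenizer(cookieValue, "&");
        while (st.hasMoreTokens()) {
            String pair = st.nextToken();
            int i = pair.indexOf('=');
            if (i <= 0) continue; // no '=' or empty key
            String k = pair.substring(0, i);
            if (KEY.matcher(k).matches()) map.put(k, pair.substring(i + 1));
        }
        return map;
    }

    // Escape the XML special characters ('&' first) so a value is always character data.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }

    // Render the pairs in the <data> layout that showCookie produces.
    static String toXml(Map<String, String> values) {
        StringBuilder sb = new StringBuilder("<data>");
        for (Map.Entry<String, String> e : values.entrySet())
            sb.append('<').append(e.getKey()).append('>').append(escape(e.getValue()))
              .append("</").append(e.getKey()).append('>');
        return sb.append("</data>").toString();
    }

    public static void main(String[] args) {
        // Constructed cookie value: a normal pair, a value with markup, a key that is not a valid name.
        String sample = "item=item2&note=a<b>c&<x>=1&";
        System.out.println(toXml(parse(sample)));
    }
}
```

The same escape step applies to the op value that cookie.jsp echoes in its "no such op" error message.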
Copyright © 2002-2010 Laszlo Systems, Inc. All Rights Reserved. Unauthorized use, duplication or distribution is strictly prohibited. This is the proprietary information of Laszlo Systems, Inc. Use is subject to license terms.