04-06-2010 08:18 PM
I was playing with the 1.0 release of the Widget SDK today, so the easiest thing was to point it at my existing mobile web application in the <content> section of the config.xml. I got to my login page, but then things quit working. I ended up using Wireshark and tracked it down to problems with cookies flagged HttpOnly (we do this for security reasons).
To summarize, if an http response comes with these headers to set four cookies:
Set-Cookie: c0=Default; path=/
Set-Cookie: c1=Expires; expires=Wed, 07-Apr-2010 23:53:56 GMT; path=/
Set-Cookie: c2=ExpiresAndHttpOnly; expires=Wed, 07-Apr-2010 23:53:56 GMT; path=/; HttpOnly
Set-Cookie: c3=HttpOnly; path=/; HttpOnly
The next http request, only sends these two cookies; the ones not set as HttpOnly:
Cookie: c1=Expires; c0=Default
This seems like a bug in the Widget SDK, as these same cookies work outside of the Widget in the Browser.
Here is the c# code, I used to generate the cookies:
HttpCookie c0 = new HttpCookie("c0", "Default");
HttpCookie c1 = new HttpCookie("c1", "Expires");
c1.Expires = DateTime.Now.AddDays(1);
HttpCookie c2 = new HttpCookie("c2", "ExpiresAndHttpOnly");
c2.Expires = DateTime.Now.AddDays(1);
c2.HttpOnly = true;
HttpCookie c3 = new HttpCookie("c3", "HttpOnly");
c3.HttpOnly = true;
09-03-2010 02:18 PM
Sorry for digging out this quite old thread, but are there any updates on this?
I have problems with HttpOnly Cookies too. (..and I'm not in the position to change the cookies sent by the service I'm using...)
09-03-2010 02:24 PM
I never heard back on this. I was doing a prototype solution when I found this, so I just put that project on the back burner (where it still sits). I am hoping that the OS 6.0 will work better.