Skip to Content (Press Enter)
OutSystems.com
Personal Edition
Community
Support
Training
Training
Online Training
Developer Schools
Boot Camps
Certifications
Tech Talks
Documentation
Documentation
Overview
ODC
O11
Forums
Forge
Get Involved
Get Involved
Jobs
Ideas
Members
Mentorship
User Groups
Platform
Platform
ODC
O11
Search in OutSystems
Log in
Get Started
Back to Forums
João Gonçalves
65
Views
2
Comments
Javascript Application Integration
Question
Hi,
I'm having a problem with a specific integration in OutSystems Platform.
Basically, I have a javascript code that calls an outsystems web page, like:
var client = new XMLHttpRequest();
client.onreadystatechange = newSound_Response;
client.open('GET', https://localhost/SoundManager/NewSound.aspx?soundId=sdasinfrjbn34km3);
client.send();
If the web page, has permissions to be called by Anonymous or Registered user, it works perfectly.
But, if it is only allowed a user with TestSoundRole, it will not allow the web page to be called.
Anyone knows how can I pass the session id from javascript, when I call an OutSystems page, so it gives the correct permissions and maintain the session active?
Thank you.
Diogo Nesbitt
Hello João,
In my opinion the best way its to create a record on your database that you use to give access to that request.
When your request opens the webpage, read the table, delete the writen token and delete it.
if there is no token, the request fail.
Miguel Ventura
Staff
Hi João,
In order to prevent session hijacking, the session related cookies are marked as Http-Only and therefore are used in the HTTP headers but are not visible to Javascript. This is a
standard practice
in all http session management middlewares.
There are other ways in which you can handle this scenario:
if you're already logged in "localhost", session should be maintained across requests; you should only hit this problem when trying to do cross-domain accesses
if for any reason your session cookie isn't being sent by
XMLHttpRequest
, you may generate a temporary login token and pass it on as a parameter to an intermediate page that could call the
Login
action based on that parameter, and afterwards redirect to
NewSound.aspx
with the same
soundId
parameter
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting.
See the full guidelines
Loading...