Javascript Application Integration

Javascript Application Integration

  
Hi,

I'm having a problem with a specific integration in OutSystems Platform.

Basically, I have a javascript code that calls an outsystems web page, like:

var client = new XMLHttpRequest();
client.onreadystatechange = newSound_Response;
client.open('GET', http://localhost/SoundManager/NewSound.aspx?soundId=sdasinfrjbn34km3);
client.send();

If the web page, has permissions to be called by Anonymous or Registered user, it works perfectly.

But, if it is only allowed a user with TestSoundRole, it will not allow the web page to be called. 

Anyone knows how can I pass the session id from javascript, when I call an OutSystems page, so it gives the correct permissions and maintain the session active?

Thank you.
Hello João,

In my opinion the best way its to create a record on your database that you use to give access to that request.
When your request opens the webpage, read the table, delete the writen token and delete it.
if there is no token, the request fail.
Hi João,

In order to prevent session hijacking, the session related cookies are marked as Http-Only and therefore are used in the HTTP headers but are not visible to Javascript. This is a standard practice in all http session management middlewares.

There are other ways in which you can handle this scenario:
  • if you're already logged in "localhost", session should be maintained across requests; you should only hit this problem when trying to do cross-domain accesses
  • if for any reason your session cookie isn't being sent by XMLHttpRequest, you may generate a temporary login token and pass it on as a parameter to an intermediate page that could call the Login action based on that parameter, and afterwards redirect to NewSound.aspx with the same soundId parameter