0

I am using websockets to communicate to server to avoid ajax polling as its taking upto 3-4 minutes to serve the request. At server I need session information to serve the request but the problem I faced on UC browser(Android, iphone) is that it is not sending session cookie in websocket calls as it is httponly. Whereas all other browsers send. Also googling up I couldnt find any such issue reported earlier for UC browser. Also since it would not send session cookie, my server would think its a fresh call and creates new session, which makes current user to be logged out. Can anyone help me on this, am I doing something wrong or is this a uc browser issue.

Kshtiiz Gupta
  • 11
  • 4
  • A browser is supposed to send cookies including `httponly` cookies with the HTTP request that starts a webSocket connection. So, unless there's some browser configuration option to control this, it just sounds like a browser bug. – jfriend00 Apr 05 '17 at 07:03
  • Here's the [same issue](https://bugs.webkit.org/show_bug.cgi?id=34289) fixed in webKit in 2010. Probably a UC bug. – jfriend00 Apr 05 '17 at 07:12
  • In that case the only solution I could think of was to detect uc browser via user agent and serve its request by normal blocking http calls than websocket. Could there be a better way to handle this situation? – Kshtiiz Gupta Apr 05 '17 at 07:17
  • There could be weird work-arounds such as after a webSocket connects, you send a unique ID back to the client and then the client does a single Ajax call to the server with that unique ID. The http-only cookies will get sent with that ajax call (presumably) and you will have a unique ID of the socket and you could associate the cookies with the webSocket connection then. Since this is a bug that should be fixed sometime in the future, I wouldn't browser test, but rather devise a feature test so if the bug is fixed, your code will just use the fixed webSocket. – jfriend00 Apr 05 '17 at 07:20
  • The problem with the approach you suggested is that if websocket connects, a new session is created as server thinks of it as a fresh request in absence of session cookie. – Kshtiiz Gupta Apr 05 '17 at 07:50
  • You would have to change your server so it implements the work-around. You asked for a way to deal with this and I offered one. It's up to you if you want to implement it or not. – jfriend00 Apr 05 '17 at 15:34

0 Answers0