ASP.net Adobe Air communication, session control

Question

Project: Adobe Air for Android with connection to the ASP.net. Here is AS3 code:

//First login to the server and also grabbing from there ASP_NET_SessionId data (Cookie).
var session:String;

var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;

var request:URLRequest= new URLRequest("https://somedomain.com/someaddress.aspx"); //yes with https
request.data = '{ "Message":"Login", "Data": { "User":"some@email.com", "Password":"somepassword" }}';
request.method = URLRequestMethod.POST;   

loader.addEventListener( HTTPStatusEvent.HTTP_RESPONSE_STATUS, httpStatusHandler);   
loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(request);

private function httpStatusHandler(e:HTTPStatusEvent):void 
{
    for each (var object:Object in e.responseHeaders)
    {
           if (object.name == "Set-Cookie")
           {
              var match:Array =object.value.match(/ASP.NET_SessionId=(.*?);/i);
              session = match[1];
              return
           }
    }
}

Next call is with session data (Cookie) I got already:

var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.BINARY; //now I just need binary data

var request:URLRequest= new URLRequest("https://somedomain.com/someaddress.aspx"); //yes with https
request.data = '{ "Message":"DoSomeStaff", "Data": { "Some":"info"}}';   
request.method = URLRequestMethod.POST;
request.requestHeaders = new Array(new URLRequestHeader("Cookie", "ASP.NET_SessionId=" + session )); //addedd Cookie data here

loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(request);

And I'm losing session on server and can't get data (need to relogin)

Also I have this line in crossdomain.xml

allow-http-request-headers-from domain="*" headers="*"

ASP.net server side has no problem cause, the same kind of call from PHP works fine. Here it is:

$data_string ='{ "Message":"Login", "Data": { "User":"some@email.com", "Password":"somepassword" }}';
$ch = curl_init('https://somedomain.com/someaddress.aspx');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json charset: UTF-8','Content-Length: ' . mb_strlen($data_string)));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER ,1);
$result = curl_exec($ch);
curl_close($ch);

preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
parse_str($m[1], $cookies);
$sessionId = $cookies["ASP_NET_SessionId"];

In the next call I'm just using that session variable:

curl_setopt($ch, CURLOPT_COOKIE, "ASP.NET_SessionId=$sessionId; path=/");

And everything works fine.

My question is: what I'm missing in my Actionscript code? Or what might be a problem?

Answer 1

Have you checked whether your app actually received the correct cookie data? And also whether the expected cookie header is actually being received by your server?

In my experience AIR and cookies has always been pretty funky on different OS/devices. However at least in the emulator AIR handles cookie retrieval/sending by itself just fine (during the application lifecycle), so you could give that a try in order to isolate the problem further.

Theoretically it shouldn't be necessary, but also try setting request.manageCookies to false (it's at least required on Windows) to make sure that AIR actually lets you set possible cookie headers that it would otherwise define by itself.

btw, crossdomain restrictions apply to browser content only, not to apps.