stackoom
  简体   繁体   中英

How to set cookie header for webSocket javascript?

 原文  2017-04-05 08:26:22       javascript/ web-services/ cookies/ websocket/ kerberos

Question

I am trying to open a websocket to a server with kerberos authentication, error during handshake occurs (error code : 400) ; i saw it's not possible to send credentials through web socket and what i have to do is to set the username and password through web socket cookie and the server will read them. So how can i set cookies for web socket ? thank you,

2 answers

solution1
 0  2017-04-05 17:55:44

You can set cookies for a webSocket connection the same way you set regular cookies, with document.cookie = xxxx . All webSocket connections start with an HTTP request (with an upgrade header on it) and the cookies for the domain you are connecting to will be sent with that initial HTTP request to open the webSocket.

So, as long as you are doing the webSocket connection to the same domain as your web page, then you can just set a cookie for that web page and it will be sent with the webSocket connection request. And, as with other cookies, you set a cookie using document.cookie as described here on MDN .

solution2
 0  2018-07-22 18:38:58

It depends on the browser. You may implement handling cookies if they arrive with the initial HTTP request to initiate a WebSocket connection, but if you can't require your users to, say, use Safari, which sends cookies with WebSocket open requests, and not Chrome, which does not, you'll probably have to implement a mechanism for the client to send in the session identifier in-band.

One simple way to achieve this is for the client code to send in the session identifier as the first message in response to the open event, and the server code to interpret the first incoming message's content as the session cookie, to set up the appropriate privilege context (or perhaps close the connection if the cookie is unknown or otherwise grants no privileges to its bearer).

Alternatively, if your WebSocket protocol has some sort of structured message infrastructure, you may define a specific message type for passing a session cookie to the server, as well as a matching response type for the server to let the client know what it thinks of the cookie.

It may be tempting to pass the session cookie in an URI parameter, as in ws://example.com/service?SESSION=123456 . This can be adequate in prototyping, but it is probably ill-advised in production, since session cookies should generally be treated as more sensitive than it is customary to treat the list of URIs requested from a web server. Passing session cookies in such a way can work in the short term, but may increase the risk of their accidental exposure via, say, careless analytics techniques. This concern could in some other context be alleviated by passing the sensitive identifier in the body of the request (for example, as a so-called POST parameter), but WebSocket open requests can not have a non-empty body.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to set cookie in request header for websocket in Javascript? How to post request header cookie in WebSocket javascript How to set WebSocket Origin Header from Javascript? Javascript websocket client adding cookie to header Set WebSocket Origin header in JavaScript How do I SET a Cookie (header) with XMLHttpRequest in JavaScript? Cookie in header javascript error "Refused to set unsafe header "Cookie"" How to set a cookie with JavaScript? set-cookie header not being returned by javascript Set-Cookie header not accepted by javascript fetch
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM