How do I include cookies within a JSON response in Rails?

Question

I am making a PhoneGap-based iPhone app which will connect to a Rails backend. I'm using jQuery to create an Ajax request to Rails server. I'm successfully getting a server response, but I'm having problems with getting cookies and managing sessions.

By default, Rails sends a Set-cookie header when responding to an HTML request. This doesn't seem to happen when Rails sends a JSON response to an Ajax request.

Is there a way to send a Set-cookie header when an Ajax request is made to a Rails server?

Here's is what I have in my ApplicationController (I am using Devise for Authentication):

def sign_in_and_redirect(resource_or_scope, resource=nil)
scope      = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless warden.user(scope) == resource
respond_to do |format|
   format.html {redirect_to stored_location_for(scope) || after_sign_in_path_for(resource) }
   format.json {render :json => { :success => true, :session_id => request.session_options[:id], :current_user => current_user} }
end

Here is the jQuery function I am using to make the Ajax request

$('#user_submit').click(function(){
    $.ajax({beforeSend: function(xhrObj){ xhrObj.setRequestHeader("Accept","application/json");},
      type: 'POST',
      url: 'http://localhost:3000/users/sign_in',
      data: "{'user':{'remember_me':'0','password':'pass1word','email':'email@company.com'}}",
      contentType: "application/json",
      dataType: "application/json",
      complete: function(data, textStatus){
      }
    });
 });

I haven't come up with a clear answer via Googling, so hopefully you can help. I found this, but didn't find it too helpful:

http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/66751d8e54f2fee6

Answer 1

It looks like Rails does indeed send a Set-cookie header by default when responding to an Ajax JSON request. The problem is that Safari doesn't accept the cookies because it sees it as an external source. To accept the cookies, you'll need to change the security preferences in Safari for "Accept cookies" to "Always" when testing HTML-based iPhone apps in your local Safari.

In Phonegap, you can do the equivalent of this in a few ways from what I can tell:

http://groups.google.com/group/phonegap/browse_thread/thread/3290c5ac4e05be69?fwc=1 http://stackoverflow.com/questions/3709315

Answer 2

I've met the same problem and I can't confirm what you said in your answer to yourself. When I use curl to do the a request twice, first time with "Accept: text/html" and the second time with "Accept: application/json" the server doesn't send a Set-Cookie header in the latter case. Unfortunately I haven't come up with a solution for this.

The specification says:

"If the user agent supports HTTP State
Management it should persist, discard and send cookies (as received in the Set-Cookie and Set-Cookie2 response headers, and sent in the Cookie header) as applicable."

As this specification is a Candidate Recommendation it is probably not yet implemented consistently across browsers. The server might therefore omit setting cookies, I don't know.