ASP.net Adobe Air communication, session control

0
votes

Project: Adobe Air for Android with connection to the ASP.net. Here is AS3 code:

//First login to the server and also grabbing from there ASP_NET_SessionId data (Cookie).
var session:String;

var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;

var request:URLRequest= new URLRequest("https://somedomain.com/someaddress.aspx"); //yes with https
request.data = '{ "Message":"Login", "Data": { "User":"[email protected]", "Password":"somepassword" }}';
request.method = URLRequestMethod.POST;   

loader.addEventListener( HTTPStatusEvent.HTTP_RESPONSE_STATUS, httpStatusHandler);   
loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(request);

private function httpStatusHandler(e:HTTPStatusEvent):void 
{
    for each (var object:Object in e.responseHeaders)
    {
           if (object.name == "Set-Cookie")
           {
              var match:Array =object.value.match(/ASP.NET_SessionId=(.*?);/i);
              session = match[1];
              return
           }
    }
}

Next call is with session data (Cookie) I got already:

var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.BINARY; //now I just need binary data

var request:URLRequest= new URLRequest("https://somedomain.com/someaddress.aspx"); //yes with https
request.data = '{ "Message":"DoSomeStaff", "Data": { "Some":"info"}}';   
request.method = URLRequestMethod.POST;
request.requestHeaders = new Array(new URLRequestHeader("Cookie", "ASP.NET_SessionId=" + session )); //addedd Cookie data here

loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(request);

And I'm losing session on server and can't get data (need to relogin)

Also I have this line in crossdomain.xml

allow-http-request-headers-from domain="*" headers="*"

ASP.net server side has no problem cause, the same kind of call from PHP works fine. Here it is:

$data_string ='{ "Message":"Login", "Data": { "User":"[email protected]", "Password":"somepassword" }}';
$ch = curl_init('https://somedomain.com/someaddress.aspx');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json charset: UTF-8','Content-Length: ' . mb_strlen($data_string)));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER ,1);
$result = curl_exec($ch);
curl_close($ch);

preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
parse_str($m[1], $cookies);
$sessionId = $cookies["ASP_NET_SessionId"];

In the next call I'm just using that session variable:

curl_setopt($ch, CURLOPT_COOKIE, "ASP.NET_SessionId=$sessionId; path=/");

And everything works fine.

My question is: what I'm missing in my Actionscript code? Or what might be a problem?

1
phpasp.netactionscript-3airsession-cookies
Check for all events i.e. Urloader have IOErrorEvent ( help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/… ). In this case if you receive ioerror you can schedule another logon attempt later. - Azzy Elvul
I'm not getting any errors, on the serverside in C# code I have this (before I'm starting there something): if (Session["user"] == null) { return "session error" } That's what I'm getting as answer in AS3. - gMirian
Have you checked whether your app actually received the correct cookie data? And also whether the expected cookie header is actually being received by your server? In my experience Air and cookies has always been pretty funky on different OS/devices. At least in the emulator Air handles cookie retrieval/sending by itself. It shouldn't be necessary, but try setting request.manageCookies to false (it's at least required on Windows). btw, crossdomain restrictions apply to browser content only, not to apps. - ndm
Thank you very much! :) Damn... I just discarded manual cookie handling, let Air do it by itself and everything works like a charm (both emulator and device) :), I also checked what you suggest, in real I was killing original cookie on the server when resending it from Air's request header. Also you are right about crossdomain, just forgot that and tried to do everything possible :) - gMirian
Glad it worked out for you, I'll add my comment as a slightly reworded answer... - ndm

1 Answers

0
votes

Have you checked whether your app actually received the correct cookie data? And also whether the expected cookie header is actually being received by your server?

In my experience AIR and cookies has always been pretty funky on different OS/devices. However at least in the emulator AIR handles cookie retrieval/sending by itself just fine (during the application lifecycle), so you could give that a try in order to isolate the problem further.

Theoretically it shouldn't be necessary, but also try setting request.manageCookies to false (it's at least required on Windows) to make sure that AIR actually lets you set possible cookie headers that it would otherwise define by itself.

btw, crossdomain restrictions apply to browser content only, not to apps.