[owncloud-devel] Problem handling session cookies in owncloud

Thomas Müller thomas.mueller at tmit.eu
Fri Jan 9 13:12:47 GMT 2015

Hi Moises,

generally speaking - external clients who want to interact with ownCloud should use the 
public http api and our webdav interface.


These types of api work by using basic authentication.

You should not rely on the mechanisms we use in the web ui.



Thomas Müller                 E-Mail: thomas.mueller at tmit.eu

Am Freitag, den 09.01.2015 um 13:59 schrieb Moises Solorzano:
> I'm new in owncloud and i am developing a Firefox OS client for it. When
>  I try to login and send the user credentials to the owncloud server, I 
> need to obtain in response the cookie that I will use to authenticate in
>  ownCloud in each request.
> My problem is that as I’ve seen in 
> Wireshark, when i make a POST request to login, the owncloud server 
> sends the response with a cookie header in a HTTP 302 message, but I 
> cannot read this message in my code because Firefox handles it 
> automatically (and therefore i cannot handle the cookie sent in this message) and I read the final HTTP 200 message without cookie 
> information in the
> request.reponseText; 
> request.getAllResponseHeaders();
> So
>  my question is if there is any option you could recommend me to read this 
> HTTP 302 message headers or if I can obtain the cookie from Firefox OS 
> before I send the next request, or make Firefox OS to add the cookie 
> automatically, or even change some parameters in the owncloud server 
> (disable cookie sessions, change the status code 302 to 200 in order to 
> let me handle directly the cookie...). I use the following code to make 
> the POST request:
> request = new XMLHttpRequest({mozSystem: true});
> request.open('post', serverInput, true);
> request.withCredentials=true;
> request.addEventListener('error', onRequestError);
> request.setRequestHeader("Cookie",cookie_value);
> request.setRequestHeader("Connection","keep-alive");  
> request.setRequestHeader("Content-type","application/x-www-form-urlencoded");
> request.send(send_string);
> if(request.status == 200 || request.status==302){
>   response = request.responseText;
>   var headers = request.getAllResponseHeaders();
>   document.getElementById('results').innerHTML="Server found";
>   loginSuccessfull();
> }else{
>   alert("Response not found");
>   document.getElementById('results').innerHTML="Server NOT found";
> }
> Thank you in advance for your support 		 	   		  
> _______________________________________________
> Devel mailing list
> Devel at owncloud.org
> http://mailman.owncloud.org/mailman/listinfo/devel

More information about the Devel mailing list