We are still at the same project at described here: https://answers.atlassian.com/questions/50367209
As @James Hazelwood suggest us, we did setup the cache service redis (connect-redis).
Redis works fine with FF and Chrome Browser but it doesn't work with safari.
The problem is that the session vars are getting lost after the first route.
e.g.:
request to the default endpoint (configured in the atlassian-connect.json) and the session looks like this:
Session { cookie: { path: '/', _expires: 2017-02-24T17:11:21.686Z, originalMaxAge: 1800000, httpOnly: true, secure: true }, URL: 'https://test.net' }
After posting a from to a other endpoint (/login) the session object looks like that:
Session { cookie: { path: '/', _expires: 2017-02-24T17:11:21.343Z, originalMaxAge: 1800000, httpOnly: true, secure: true } }
So the variable URL gets lost.
Any ideas why ?
Thank you for your support
Community moderators have prevented the ability to post new answers.
Safari does not accept 3rd-party cookies by default, which is the reason why cookie-based sessions should not be used in Connect add-ons: Users only ever hit the add-on URL in an iframe, but not directly, so the add-on is seen as a 3rd-party. This means that you'll see a new session on every request.
The solution is described on https://bitbucket.org/atlassian/atlassian-connect-express, in the section called "How to send a signed HTTP request from the iframe back to the add-on service": Essentially you create another JWT in the add-on, which can be used for subsequent request from the iframe to the add-on backend.
Hello @Patrick Streule you are right and i already using JWT for secure backend requests from iframe.
The question is, how can is how can i have a session like store (like redis) which is not cookie based ?
I need to use session variables.
Any ideas for this issue ?
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.