I'm pulling my hair on this one. It might not be a jQuery issue but
just the BROWSER issue. But since I am planning to use jQuery, the
issue applies to it as well.
First, this is under FIREFOX only. I don't see this behavior with IE
and OPERA. But I think maybe it may something by FF design and/or the
others don't see it as a "Security issue."
I can reduce the issue to this and I'm looking for an answer:
- I am using XHR to login and XHR to logout.
- The /Logout Url is not work because the Authentication header is
not passed with the XHR
I narrowed it down to this:
If the original URLl PATH (not domain) that forced a login is
different from the "/logout" url, then XHR will not pass the
Authentication header.
So I can have this for example:
// Four Buttons binded to XHR calls
$("#btnLogin").click($.get("/login"));
$("#btnLogout").click($.get("/logout"));
$("#btnUrl1").click($.get("/folder1/someurl"));
$("#btnUrl2").click($.get("/folder2/someurl"));
if the user logs in via the login button, and then log off via the
logout button, its all fine.
However, if the user goes directly to a private side folder url by
clicking the folder buttons, the server forces the login as expected,
but from that point, the logout button doesn't work because the XHR is
no longer sending the Authentication Header.
So its not a Cross-Domain thing but a Cross Folder issue.
Make sense?
If so, how can I resolve this with jQuery and Firefox or I am beating
a dead horse?
--
HLS
