EricGiguere.com > Eric's BlackBerry Pages > Cookie Caching |
Screen-friendly version | Set your preferences |
A documented feature of the BlackBerry Enterprise Server (BES) is the ability to have the BES handle cookies on behalf of client applications. In other words, any Set-Cookie headers sent back in HTTP responses can be intercepted by the BES (which is acting as a web proxy server) and stripped out of the response sent back down to the client. The cookie is then automatically inserted into subsequent requests by the client app when its request passes through the BES (again, in its capacity as a proxy server).
In my opinion, this cookie handling feature is not a feature but a bug. The basic problem is this: if a session cookie is used, there's no way for the application to signal the BES that the "session" is finished. The normal behavior is for the client to clear session cookies when the session terminates. In a browser, this usually means when the browser is exited. In a J2ME application, the application simply stops sending the cookie in subsequent requests.
But since the BES is handling the cookies for you, when exactly does the "session" end? It doesn't! So what happens is that you get a stale cookie being appended to your app's requests. If the server on the other end doesn't like it, too bad.
The best solution? Turn off the BES-level cookie handling and let the application do the cookie handling by itself. All you do is set this property in the configuration file:
application.handler.http.CookieSupport = false
You can also set it directly from the BES management console.
If for whatever reason you can't disable BES cookie handling (such as when your IT department won't let you change the BES settings) then there's a back door that works with more recent devices. This back door lets you override the cookie handling on a connection basis. It's what RIM's own browser uses.
All you do is this: when your application makes its HTTP request, set the "Accept" header to the following string:
text/html;application/x-javascript
This is easily done using the HttpConnection.setRequestProperty method, of course. When the BES sees this, it thinks that the browser is making the request and it lets the Set-Cookie header pass through unscathed down to the application and doesn't append any Cookie headers on the request.
Truly a hack, but a hack that works.
Sponsored
Links |
Why are these ads here? |
|
Copyright ©2003-2009 Eric Giguere | Send mail about this page | About this site | Privacy policy Site design and programming by Eric Giguere | Hosting by KGB Internet Solutions This site is Java-powered | Get Firefox! This page was last modified on September 12, 2005 |