I am writing a website with Webdev 19 (Pc soft) and It run well on a developpement machine under w8.1 (IIS8.5) and another under Vista , but when I install it on a Windows server 2012 or 2008r2 , it does not run.
I use basic authentication
On the first request (login), all is OK and the remote server send me a cookie which I need for beeing authenticated for the next requests.
When sending the others requests (API GET) the cookie that I have received in the first login request, is not sended and the request is rejected because the cookie is used the authenticate my host during a time defined by a timeout .
Another software writed with Visualstudio 2008 using the same requests run well on the 2012 server.
I am a old beginner using IIS
I don't know where find the solution for this problem. I think it is a wrong setting on IIS. I have tried different authentication methods, no more success.
If someone had some idea about that, it will be welcome.
Sample of request which is OK:
POST /API/login/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2 Host: xxxx.xxxxxxx.com Content-Length: 43 Expect: 100-continue Connection: Keep-Alive |
HTTP/1.1 100 Continue |
username=xxxxxxxxxxxx&password=yyyyyyyyyyyyyy |
HTTP/1.1 200 OK
Date: Mon, 18 May 2015 13:55:23 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Cookie
Set-Cookie: csrftoken=hmulfzTZbkCpaT3FGGHLCktJuFYuixaW; expires=Mon, 16-May-2016 13:55:23 GMT; Max-Age=31449600; Path=/
Set-Cookie: sessionid=x8iwimwthbl4e9walg75kwh794y6b1dm; expires=Mon, 01-Jun-2015 13:55:23 GMT; httponly; Max-Age=1209600; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json
5e
{"status": "login successful", "account": "uuuuuu", "company_id": 7, "name": "uuuuuu Concept"}
0 |
GET /API/status/ HTTP/1.1 Host: xxx.xxxxxxxxx.com Cookie: sessionid=x8iwimwthbl4e9walg75kwh794y6b1dm |
Sample of the same request on a windows server 2012 R2 without cookie
POST /API/login/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: PC SOFT Framework Host: xxxx.xxxxx.com Content-Length: 43 Cache-Control: no-cache username=xxxxxx&password=yyyyyyy |
HTTP/1.1 200 OK
Date: Mon, 18 May 2015 13:57:16 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Cookie
Set-Cookie: csrftoken=oYEZJlZV1LN8ymXqtTW2a1R61o4NtjL1; expires=Mon, 16-May-2016 13:57:16 GMT; Max-Age=31449600; Path=/
Set-Cookie: sessionid=w1qs8kneleqj01tp68iovwe4tclqam1j; expires=Mon, 01-Jun-2015 13:57:16 GMT; httponly; Max-Age=1209600; Path=/
Transfer-Encoding: chunked
Content-Type: application/json
5e
{"status": "login successful", "account": "yyyyy", "company_id": 7, "name": "Ouuu"}
0 |
GET /API/status/ HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2 Host: xxx.xxxxxxx.com |