I’m currently working on a userscript with jQuery, which sends https requests on an http webpage to log in to a forum.
But now I’ve hit a cookie problem: the cookies could not be set via ajax requests.
Here are two images showing the difference between the traditional login and the ajax login:
Traditional one:
- Post username and password and get set-cookie
- Send cookies to server to gain access to some webpage

Ajax one:
- Use $.post() to post username and password, and get set-cookie
- Not sending cookies to server

And here I post my greasemonkey userscript:
// ==UserScript==
// @name test
// @namespace test
// @description test
// @include http://solidot.org/*
// @require http://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js
// ==/UserScript==
//after events dealing and blahblahblah
$.post('https://bbs6.sjtu.edu.cn/bbslogin',{id:'some',pw:'password'});
$.post('https://bbs6.sjtu.edu.cn/bbssnd',{board:'SJTUNews',title:'some',text:'article'});
Can somebody help me out?
Because your login is on http: and your website to post to is on https:, you’re dealing with cross-site-scripting limitations built into the browser and into jquery. I’ve run into similar issues when using jquery to a web service on the same server, but different port (which you’re trying to do as well).
Some options:
– do the post by a normal form button
– move the jquery to https domain (which would require https access prior to login; this gives secure password transmission, yet you’ll have to block access to content separately from https access)
– use some server side script to bridge the gap. I found http://benalman.com/projects/php-simple-proxy/ to be very useful.
To diagnose the issue (to check if my hypothesis is right), you may use the web console built into Firefox (I prefer FireBug), or an optional developers package for Chrome.
Look at the console; check the post command. Note the domain/port your post is going to. I expect that the domain/port info is stripped from the post.
Another option: Cross domain with jQuery. But please be careful: when allowing cross domain, take care not to open the back door for just any other domain!
Hope this helps.
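The caution about cross-domain access in the answer above, as an added example that is not part of the original question or answer: a server-side CORS check that grants cookie-bearing cross-origin requests only to an exact allowlist. It assumes you operate the HTTPS server; `ALLOWED_ORIGINS`, `corsHeaders` and `corsHeadersReflectAny` are hypothetical names.

```javascript
// Added example: CORS decision for credentialed cross-origin requests.
// ALLOWED_ORIGINS, corsHeaders and corsHeadersReflectAny are hypothetical names.

// Exact origins (scheme + host + port) trusted to make cookie-bearing requests.
const ALLOWED_ORIGINS = new Set(['http://solidot.org']);

// Returns the CORS response headers for a request carrying the given Origin.
// An empty object means "no grant": the browser will not expose the response
// to the calling page.
function corsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  // Exact string match only. Prefix, suffix or loose regex checks are how a
  // look-alike such as "http://solidot.org.evil.example" ends up trusted.
  if (typeof origin !== 'string' || !allowed.has(origin)) return {};
  return {
    // With credentials the browser rejects "*", so echo the vetted origin.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'POST',
    // The response differs per Origin, so caches must key on it.
    'Vary': 'Origin',
  };
}

// Weak variant, for contrast: reflects whatever Origin the request carries,
// which lets any site read responses fetched with the user's cookies.
function corsHeadersReflectAny(origin) {
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Constructed sample Origin header values.
const samples = ['http://solidot.org', 'https://solidot.org',
                 'http://solidot.org.evil.example', 'null', undefined];
for (const o of samples) {
  console.log(JSON.stringify(o), '->', JSON.stringify(corsHeaders(o)));
}

// Client side (browser, jQuery 1.5.1 or later): cookies are attached to a
// cross-origin request only when the caller opts in, for example
//   $.ajax({ url: 'https://bbs6.sjtu.edu.cn/bbssnd', type: 'POST',
//            data: { board: 'SJTUNews', title: 'some', text: 'article' },
//            xhrFields: { withCredentials: true } });
```

CORS controls whether the calling page may read the response; a form-encoded POST is still sent without a preflight, so CSRF protection on the server is still required.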