I log in to a Tomcat instance at mywebsite1.web.com, where I get a JSESSIONID. As part of my browsing activity I go to a different Tomcat instance at mywebsite2.web.com, where I get a different JSESSIONID.
As part of an activity, I need to make an AJAX POST call to mywebsite1.web.com/user_activity. What I understand is that the JSESSIONID for mywebsite1.web.com will not be passed unless I set withCredentials to true. In other words, if I do the following from mywebsite2.web.com/a_random_browser_page:
```javascript
$.ajaxSetup({
    url: "mywebsite1.web.com/user_activity",
    global: false,
    type: "POST",
    xhrFields: {
        withCredentials: true
    }
});
$.ajax({ data: '' });
```
Would I be sending the correct JSESSIONID (originally issued by 'mywebsite1.web.com' at the beginning)? Do I need to set any additional headers at mywebsite1.web.com to get this working?
**Note**
I am setting the following headers on my response:
```
("Access-Control-Allow-Origin", "https://mywebsite2.web.com");
("Access-Control-Allow-Credentials", "true");
("Access-Control-Allow-Methods", "GET,PUT,POST,OPTIONS");
("Access-Control-Allow-Headers", "Content-Type,Accept,X-Requested-With,Session")
```
I tried to hit the URL with my browser and it works successfully and shows the headers correctly on the dev console inspector. So I am not sure what's wrong here.
Thanks,
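
An added example, not part of the original post: a simplified model of the check a browser applies to the response of a credentialed cross-origin request (and to its preflight, when one is sent), run against the response headers listed in the question. The function names and the `QUESTION_HEADERS` constant are assumptions made for this illustration.

```javascript
// Added example: simplified model of the browser-side CORS check for a
// credentialed (withCredentials: true) cross-origin request.
// Constructed from the response headers listed in the question.
const QUESTION_HEADERS = {
  "Access-Control-Allow-Origin": "https://mywebsite2.web.com",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Methods": "GET,PUT,POST,OPTIONS",
  "Access-Control-Allow-Headers": "Content-Type,Accept,X-Requested-With,Session",
};

const lowerKeys = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
const tokens = (value) =>
  (value || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);

// Check applied to the actual response. Returns the reasons the browser would
// block script access to it; an empty array means the check passes.
function corsCredentialedCheck(pageOrigin, responseHeaders) {
  const h = lowerKeys(responseHeaders);
  const problems = [];
  const allowOrigin = h["access-control-allow-origin"];
  if (!allowOrigin) problems.push("Access-Control-Allow-Origin is missing");
  else if (allowOrigin === "*") problems.push("wildcard origin is rejected when credentials are sent");
  else if (allowOrigin !== pageOrigin) problems.push(`origin mismatch: got ${allowOrigin}`);
  // The value is compared case-sensitively against "true".
  if (h["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials is not exactly 'true'");
  return problems;
}

// Extra checks on the OPTIONS preflight response, which is only sent for
// non-simple requests (e.g. a JSON Content-Type or custom request headers).
function preflightCheck(pageOrigin, method, requestHeaderNames, preflightHeaders) {
  const problems = corsCredentialedCheck(pageOrigin, preflightHeaders);
  const h = lowerKeys(preflightHeaders);
  const m = method.toLowerCase();
  // GET, HEAD and POST are always permitted; others must be listed.
  if (!["get", "head", "post"].includes(m) && !tokens(h["access-control-allow-methods"]).includes(m))
    problems.push(`method ${method} is not allowed`);
  const allowed = tokens(h["access-control-allow-headers"]);
  for (const name of requestHeaderNames)
    if (!allowed.includes(name.toLowerCase())) problems.push(`request header ${name} is not allowed`);
  return problems;
}

console.log(corsCredentialedCheck("https://mywebsite2.web.com", QUESTION_HEADERS));
console.log(corsCredentialedCheck("http://mywebsite2.web.com", QUESTION_HEADERS));
```

The model covers only the response-header checks; whether the JSESSIONID cookie is attached to the request is decided separately by the cookie's own attributes (Domain, Path, Secure, SameSite).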