We're running a Web Agent and we'd like to know what is the problem
with Ajax calls, when Web Agent will update the SMSESSION cookies when
Ajax applications are protected and if the REST API calls are also
Ajax calls ?
Could you precise us ?
At first glance, Web Agent handles only HTTP protocol requests.
What is HTTP?
Communication between clients and servers is done by requests and responses:
A client (a browser) sends an HTTP request to the web
A web server receives the request
The server runs an application to process the request
The server returns an HTTP response (output) to the browser
The client (the browser) receives the response
The Ajax code is Web 2.0 protocol, which is different from HTTP
What is AJAX?
Conventional web applications transmit information to and from the
sever using synchronous requests. It means you fill out a form, hit
submit, and get directed to a new page with new information from the
the server, interpret the results, and update the current screen. In
the purest sense, the user would never know that anything was even
transmitted to the server.
AJAX is a web browser technology independent of web server software.
A user can continue to use the application while the client program
requests information from the server in the background.
Behind-the-scenes data fetches using XMLHttpRequest objects in the
AJAX is a developer's dream, because you can:
Update a web page without reloading the page
Request data from a server - after the page has loaded
Receive data from a server - after the page has loaded
Send data to a server - in the background
So said, the Web Agent will not be aware of the use of the
XMLHttpRequests and data exchanges with the server, as they aren't
traditional Web Pages as explained above.
As such, if the browser stays on the same page permanently, the
SMSESSION cookie won't get renewed, even if the user uses the page
permanenlty. Then the Session Status won't represent the user
activity and vice-versa.
For that reason, the Web Agent offers the ACO Parameter
Apply SiteMinder Behavior to a Web Application Client
Configure SiteMinder to identify requests originating from the
script engine that is executing in the context of the Web browser.
Use a customized response to integrate SiteMinder-generated
behavior, including a challenge, with the functionality of the web
Configure the response format for requests from Web 2.0 resources
(AJAX and other API-based calls) at the global level.
the WebAppClientResponse parameter lets you integrate the required
functionality to redirect users after a session timeout.
Further, REST protocol uses operation as GET, PUT, POST etc. as
traditional Web pages, and thus, these calls can be catched by the Web
Agent. Ajax is different, as it's concentrated on data exchanges :
Is AJAX a Rest api
Using REST we can do operations (PUT,POST,GET,HEAD) but by using
AJAX we can only retrieve data from server side , AJAX can be a part
of REST but REST can never be AJAX
Further reading :
I don't see IdleTimeout Reason when the Web Agent is configured for webappclientresponse
Apache Reverse Proxy Web Agent doesn't process the WebAppClientResponse
Screen freezing after leaving the screen idle for few minutes.
Issue during the AJAX call.
Web Agent :: Ajax returns 302 code as it should not