I need to set a specific named cookie. In the past I would include javascript in the of every HTML report to set the cookie value. I would prefer to set this cookie from wfs script processing, but haven't figured out how and where to set this up. Basically I want to effect the response header Set-Cookie on every request. Does anyone have a suggestion how to do this? (a function, CopyWFVarToHTTPCookie, would do what I want, but I don't believe exists from what I've found searching the documentation.)

This message has been edited. Last edited by: Steve F,

I don't know if this is kosher at all, but you could add some HTML in a site profile fex.

Add something like this to Admin Console > Configuration > Custom Settings:

_site_profile=-INCLUDE SITEPROF

(SITEPROF is the name of a FEX)

In SITEPROF.FEX:

-HTMLFORM BEGIN
<html>
<head>
<script type="text/javascript">

fnSetCookie('test_cookie2','xxxxxxxxxxxxxxxx');

// Sets the value of a cookie specified by "name" ------------------------------
function fnSetCookie(name, value, expires, path, domain, secure)
{
var argv    = fnSetCookie.arguments;
var argc    = fnSetCookie.arguments.length;
var expires = (argc > 2) ? argv[2] : null;
var path    = (argc > 3) ? argv[3] : null;
var domain  = (argc > 4) ? argv[4] : null;
var secure  = (argc > 5) ? argv[5] : false;

document.cookie = name + "=" + escape (value) +
  ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
  ((path == null)    ? "" : ("; path="    + path)) +
  ((domain == null)  ? "" : ("; domain="  + domain)) +
  ((secure == true)  ?       "; secure" : "");
}
</script>
</head>
</html>
-HTMLFORM END

This may not be recommended but it appears to work on my test server.

Thank you Francis. I'll have to test this, but at first glance, I believe this would cause the listed html to be sent to the browser followed by the report server html output. Where IE would probably display it, it isn't complient and browsers like Firefox could ignore the second html document.

What I have set up is a single sign-on for many applications written in other languages in addition to WebFocus. On authenticated logon, a cookie named 'LDAPAUTH' is created and holds the login user's ID and a datetime stamp. The value is encrypted (AES) and base64 encoded. The cookie, if it exists, means that the user successfully logged in one of the applications. I can read the cookie with no problem, and extract the information using cgi shell exit or user written subroutines. One of the rules on our single sign-on is that each request to the WebFocus CGI needs to update the datetime stamp with the current time. It is this part of the process I don't know how to do in WebFocus CGI. I can regen the content, but can't get it back into the cookie. And, I was hoping to make this transparent to the report developer in that it should happen at the wfs cgi process level, and not at the report gen level. I might have to use the servlet plug-in interface in order to gain access to the response header 'Set-Cookie', but was hoping to avoid using the servlet interface.

Yes, the HTML code does get sent to the web browser window, so that's no good.

Have you taken a look at the "WebFOCUS Security and Administration" manual? It may have what you're looking for.

It looks like my best option is to extend the WFEXT servlet plug-in to add a CopyWFVarToHTTPCookie function. Since I'll already be inside that jar, I'll probably implement the AES and base64 decoding functions (much easier than implementing in C++, although not as fast).

Well, have fun then

Steve

I think Francis is on the right track with using _site_profile. What I have done is roughly the same, but added a self submitting form in the html as well as creating the cookie. The form called the actual request made, using IBIF_ex and IBIF_parms. I don't have the code to hand, but it was straightforward. First pass through _site_profile do the html to set the cookie and submit form, second pass through bypass that section because a value on the form was set. I think the only addition I needed to make was to pass IBIF_ex out from site.wfs so that I could then use it on the form as an &variable.

If you need it, I can get my hands on the code later this week and get more detail.

"CopyWFVarToHTTPCookie" ... Does such a method even exist? I just browsed the WFEXTDefault.class and looked it up in the security doc (for 764), and ... nada.