Phonegap/cordova

[Manol]

Hi.

   Is there a way to login to processwire from ajax keep the session and then call a page which uses a template allowed to certain role to get some data back? The problem is that is a mobile app and is not in the same server so its like cookies where lost.

   I'm developing a mobile application with cordova to get information about some monuments (images, description, visit timetable...),  the data of those pages is only available by certain role, so users must login, so far so good but  when I try to call to get monuments data I get no permission.

  Is there a way to login to pw through ajax and than call again to get more data from the server?

[BitPoet]

You need to allow credentials for cross domain requests for ajax calls in the mobile framework you use. For regular xhr objects this just means setting

xhr.withCredentials = true;

but depending on the library, this may have to be done in a less direct way (like in beforeSend in jquery where you have access to the xhr object).

[Manol]

Hi BitPoet

I've but get the following error

XMLHttpRequest cannot load http://miweb/login/. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost:9000' is therefore not allowed access.

In my php file

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Authorization, X-Requested-With, Content-Type, Origin, Accept");
header('Access-Control-Allow-Credentials: true');

an in my angularjs file

    .config( function($routeProvider, $httpProvider){
        $httpProvider.defaults.useXDomain = true;
        $httpProvider.defaults.withCredentials = true;
        delete $httpProvider.defaults.headers.common['X-Requested-With'];        
    })

[BitPoet]

You can't use a wildcard in Access-Control-Allow-Origin if you want to do XHR. A simple workaround would be to return the value of the Origin request header instead of the wildcard.