IPPhone services & cookie

Unanswered Question
Mar 7th, 2009

Hi all, I'm writing an application for ip phone services that in some case require an authentication (simple form with user and password)

This because the last firmware have introduced a menu in the services so the name/sep not arrive at my apps. The sep is sent in GET only for the first request (menu in my case) and not in my custom url on the first items of menu.

Isn't it? There are some ways for have the name in all request of the phone?

In the case of my apps is under the first menu I don't wont that my user put login information every times want to access.

How can I save a cookie that expire in one year for example? I do some test but the cookie is destroied every time the services button is pressed.

Thanks Enrico.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
msabir Sat, 03/07/2009 - 09:25

Yes, phones don't accept the cookies. So you have to come up with your own way to save authentication info.

What we do in our applications, the first time we prompt user for login screen in the phone. After the successful login, we save the IP, user name and time stamp on the database table. For all subsequent requests, we do a look up based on the IP address and compare the time stamp. Instead of IP, you can also use the MAC address of the phone (it is appended to the incoming URL).

stephan.steiner Tue, 03/10/2009 - 01:29

Either append the device name to each subsequent url

(e.g when your menuitem has an url http://myserver/somepath/somepage.asp then instead you'd do http://myserver/somepath/somepage.asp?device=SEP123)

or you store it in the session variable.

The developer guide is very specific about cookies - basically you only have session cookies:

The Cisco Unified IP Phone can receive and use a total of four cookies per host

per session and can store information for up to eight sessions at once. Each cookie

can be up to 255 bytes in size. These cookies are available until the server

terminates the session or the client session has been idle for more than 30 minutes.

On the latest generation phones which are capable of running multiple

applications concurrently (Cisco Unified IP Phones 7970G, 7971G, 7961G,

7941G, 7911G), the session state is also cleared whenever the application window

closes. This behavior is consistent with PC-based browsers and provides better

security since anyone attempting to reopen a secure application would be forced

to authenticate. If the client is connecting to a new server and all session resources

are in use, the client clears and reuses the session with the longest inactivity time.

So, you have no choice but to cache the authentication on the server using some kind of persistency mechanism.

Actions

This Discussion