Skip to main content

Posts

Showing posts from 2016

Caching HTTP Handlers

There comes a time in an ASP.Net developer's life when he must write own HTTP handler. Quite often the handler has to return a static or a rarely changable content and the developer should implement caching of it. Step 1. Specify how long data should retain cached. Someone does it this way: context.Response.Cache.SetExpires(DateTime.Now.AddDay(1)); Someone likes this approach: context.Response.Cache.SetMaxAge(86400); //1 day in seconds The most careful developers use both: context.Response.Cache.SetExpires(DateTime.Now.AddDay(1)); context.Response.Cache.SetMaxAge(86400); All the above are correct in their own way. The first example sets an absolute expiration date. In the list of headers it looks like this: Expires: Mon, 25 Jul 2016 19:50:09 GMT This header was introduced in the HTTP/1.0 specification but it is supported by HTTP/1.1 too. A small pitfall related to this header is that the expiration date and time are set explicitly and it may cause issues if time…

JIRA REST API: Cookie-based Authentication

Three authentication methods are proposed by the JIRA REST API documentation: Basic Authentication is a simple but not very safe approach. Credentials are sent in the header on every request and encoding to Base64 is not a proper protection in this case; HTTPS connection is required. OAuth authentication - looks a bit complex and requires additional configuration at the JIRA server that is not always possible. Cookie-based Authentication - this approach seems to be the most convinient one: credentials are checked once, then the authentication cookie only is sent on subsequent requests. However, trying to use the cookie-based authentication I encountered an issue. The approach described in the documentation worked partially: I was able to create a new session and get the response containing the session cookie but all subsequent requests using this session cookie were rejected as unauthorized. Spending some time investigating this I found the cause of the issue: JSESSIONID is not th…