I am using XMLHttpRequest to communicate with a remote server. After the initial authentication, sessions are tracked by passing a session id/token via cookie with every request. Everything works as expected. XMLHttpRequest passes the cookie with every request.
My connectedTV widget has 1 full screen view that instantiates the mediaplayer singleton object and sets a playlist of urls that fetch mp3's from said remote server. The http requests by the mediaplayer do not include the cookie: the http cookie header is empty.
Can someone please verify that this is the expected behaviour. Is there a method that sets the cookie for the mediaplayer object? Would there be a security concern setting the cookie because it is a singleton?
Unfortunately the mediaplayer implementation is dependent on the OEM and Konfabulator just passes the video URL for them to play and therefore can't set the cookies there. You can try and provide https URLs for videos and probably even make them dynamic/fast-expiring for security. Please refer http://developer.yahoo.com/forum/Getting-Started-Beginners-Yahoo-/login-verification/1267571185000-17c0962a-abc7-3c76-961b-4f7933acf04c for more.