Distinguish between original request and requests to load resources in a page

I am developing a plugin on top of proxy which will validate the user and serve the url. Now, a web page can have many other resources like json, images, js etc and those resources might be loaded from different sources. I want to validate only the main url the user typed in the browser and once validated, I should serve all the resources for the page. Otherwise, those background calls will wait for validation and won’t be served.

How can I distinguish between the original request (so that I can ask for validation) and the request for resources to serve the page (as the user has already been validated, need to bypass validation for resources to serve the page)?


Why will the subsequent requests not load? If the user is authenticated on the initial request, and let’s suppose you set a cookie, the subsequent requests will also have that cookie and come in authenticated (you still have to verify it of course).

Because the original domain requested and the domain responsible for validation are different. So, once I start serving the original request, the cookie is no longer available. Also, the resources requested are sometimes don’t end with the same domain e.g. bbc.com does not request all the resources from domains end with bbc.com.

When you set your cookie, you will need to set it for all domains you expect to need to access that cookie.

While you can set a cookie for an entire domain including all subdomains, you can’t set a cookie for a separate domain - so to do that you’ll need to have your authentication page make sub-requests to pages on your other domains that set the cookie.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.