Javascript ajax GET call does not include cookie-sid on initial page load

In my application, when /iframe is requested, I create a cookie and serve the iframe.html file. In the html file I use a Javascript Ajax call to request for user data (/user), which is called on $(document).ready and needs to pass the sid from the cookie (so I know the call is authenticated).

The problem is that, the cookie-sid is not passed along with the Ajax get call the first time /iframe is requested (when there is no cookie yet). After reloading, the cookie-sid is passed with the /user call.

Does anyone have any suggestions on fixing the initial load?

I know the browser receives and stores开发者_如何学编程 the cookie, then sends it back to the web site every time a new page is requested, but does this also count for initial Ajax calls?

By default, “credentials” such as Cookies and HTTP Auth information are not sent in cross-site requests using XMLHttpRequest. In order to send them, you have to set the withCredentials property of the XMLHttpRequest object.

See http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/.

Example

var request = new XMLHttpRequest();
var url = 'http://bar.other/resources/credentialed-content/';
function callOtherDomain(){
  if(request)
  {
   request.open('GET', url, true);
   request.withCredentials = "true";
   request.onreadystatechange = handler;
   request.send();
  }