Hi, I have been testing Axis1.0 Rel Under Tomcat 4.1.12 and sessions are not working properly when we have authentication turned on and a WebService is deployed as "Session" scope.
On the client setMaintainSession(true) has been done.
When Single Sign On is turned on in tomcat. It sends JSESSIONIDSSO cookie. And since the WebService is deployed at Session Scope, it sends back a JSESSIONID named cookie. However the client returns only the last listed cookie in the response.
A result of this is 1 - After first call Auth takes place and a new
WebService object is created for the "new" session.
2 - Second request to the WebService results in the
JSESSIONID being sent and not the JSESSIONIDSSO.
Which re authenticates me - AND sends a new
JSESSIONIDSSO.
As a result of this the next request to the Server results in only the JSESSIONIDSSO going in and not the JSESSIONIDand this leads to my WebService losing state.
Could be related to this bug in the code: http://developer.java.sun.com/developer/bugParade/bugs/4242254.html
java.net doesnt let you set multiple cookies on connections any more.
you could, and someone reported this as a bug, and whoever maintains the source doesnt understand enough of the HTTP spec (an ongoing issue), so they turned the feature off.
What happens using the http library from the jakarta commons project & the latest Axis RC?