Hi, I have been testing Axis1.0 Rel Under Tomcat 4.1.12 and sessions are not working properly when we have authentication turned on and a WebService is deployed as "Session" scope.
On the client setMaintainSession(true) has been done. When Single Sign On is turned on in tomcat. It sends JSESSIONIDSSO cookie. And since the WebService is deployed at Session Scope, it sends back a JSESSIONID named cookie. However the client returns only the last listed cookie in the response. A result of this is 1 - After first call Auth takes place and a new WebService object is created for the "new" session. 2 - Second request to the WebService results in the JSESSIONID being sent and not the JSESSIONIDSSO. Which re authenticates me - AND sends a new JSESSIONIDSSO. As a result of this the next request to the Server results in only the JSESSIONIDSSO going in and not the JSESSIONIDand this leads to my WebService losing state. Regards Saradhi. P.S : For clearer understanding I could post the TCP Trace of the message flows of the headers. __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
