[ http://issues.apache.org/jira/browse/AXIS2-839?page=all ]
Deepal Jayasinghe resolved AXIS2-839:
-------------------------------------
Resolution: Fixed
Applied the patch
Thank for sending patches
> Session cookie implementation in SimpleHttpServer is error prone
> ----------------------------------------------------------------
>
> Key: AXIS2-839
> URL: http://issues.apache.org/jira/browse/AXIS2-839
> Project: Apache Axis 2.0 (Axis2)
> Type: Improvement
> Components: transports
> Versions: 1.0
> Reporter: Oleg Kalnichevski
> Attachments: simplehttpserver-sessioncookie.patch
>
> (1) Presently both SimpleHttpServer and AbstractHTTPSender are unable to
> differentiate session cookies from other cookies. The first cookie found the
> request / response is assumed to contain the session identifier. For
> instance, these perfectly valid HTTP requests will cause the session manager
> to pick a wrong session context
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue
> Cookie: urn:uuid:xxxxx
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue, urn:uuid:xxxxx
> The patch attempts to rectify the situation by giving the session cookie a
> distinguishable name
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue
> Cookie: axis_session=urn:uuid:xxxxx
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue, axis_session=urn:uuid:xxxxx
> (2) The patch also fixes the incorrect handling of Set-Cookie2 headers in the
> AbstractHTTPSender
> Please note the patch may break badly written clients dependent on the
> existing session cookie implementation.
> Oleg
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
