Case 1) still looks like a bug though.
Tim
Tim K. (Gmane) wrote:
Hello Axis Developers & Users,
I think I've discovered an Axis 1.2RC2 bug.
Some servers use cookies to do load balancing, so in addition to the JSESSIONID session tracking cookie the load balancer may insert its own cookie in the HTTP response.
There are 2 cases here:
1) The HTTP response will have 2 headers:
Set-Cookie: JSESSIONID=......; path=/ Set-Cookie: LoadBalancer=....; path=/
It looks like the last cookie wins, the rest are discarded by the client and they are not passed back to the server when maintain session is true, so the session is lost between requests.
2) The 2 cookies may appear in the same Set-Cookie header. From briefly looking at the Axis processing code it looks like it trims anything past the first ';' it encounters so in this case the first cookie would be the only one maintained.
Please let me know if this is a bug and I will file it if you tell me where. If it's a known bug and possibly already fixed, please let me know.
Thanks.
