check jira, there are a few related bugs...am waiting for someone to step in, review the old patches, submit a fresh patch against latest cvs. i can't do that since i don't have a way to test the fixes...
thanks, dims On Wed, 05 Jan 2005 23:05:29 -0800, Tim K. (Gmane) <[EMAIL PROTECTED]> wrote: > Digging deeper into the code and trying to patch it to fix the bug I > discovered another issue that needs to be addressed. > > The particular server that I am using doesn't send the load balancing > cookie on all the responses, it refreshes it every few responses (I am > not sure how it decides to refresh it or not), so for example: > > Response 1: has 2 cookies JSESSIONID and LoadBalancer cookies > Response 2: has 1 cookie only JSESSIONID > > What happens is that after Response 2 is received by the Axis client, > the LoadBalancer cookie is forgotten about, it's dropped and it's not > sent on subsequent requests, hence the load balancing is messed up and > the client request ends up on a different middle tier which cannot > recover the session based on the JSESSIONID. > > The HTTP clients need to store cookies, add to them and only expire them > when the cookie expiration time is reached (if they are session > cookies, not persistent cookies then they are expired when the client > process exits -- in memory cookies). > > Where are the cookies stored between requests? In the Service, Stub, > Call or HTTPTransport? > > Tim > > Tim K. (Gmane) wrote: > > Correction: case 2) below is not valid, apparently one cannot set > > multiple cookies in the same Set-Cookie header, there needs to be a > > header per cookie (but when the cookies are sent back to the server > > multiple cookies can be in one Cookie header, that's where my confusion > > came from). > > > > Case 1) still looks like a bug though. > > > > Tim > > > > Tim K. (Gmane) wrote: > > > >> Hello Axis Developers & Users, > >> > >> I think I've discovered an Axis 1.2RC2 bug. > >> > >> Some servers use cookies to do load balancing, so in addition to the > >> JSESSIONID session tracking cookie the load balancer may insert its > >> own cookie in the HTTP response. > >> > >> There are 2 cases here: > >> > >> 1) The HTTP response will have 2 headers: > >> > >> Set-Cookie: JSESSIONID=......; path=/ > >> Set-Cookie: LoadBalancer=....; path=/ > >> > >> It looks like the last cookie wins, the rest are discarded by the > >> client and they are not passed back to the server when maintain > >> session is true, so the session is lost between requests. > >> > >> 2) The 2 cookies may appear in the same Set-Cookie header. From > >> briefly looking at the Axis processing code it looks like it trims > >> anything past the first ';' it encounters so in this case the first > >> cookie would be the only one maintained. > >> > >> Please let me know if this is a bug and I will file it if you tell me > >> where. If it's a known bug and possibly already fixed, please let me > >> know. > >> > >> Thanks. > >> > > > > > > -- Davanum Srinivas - http://webservices.apache.org/~dims/