As a followup, I've got a patch for 2.0.1 that tracks all cookies if
SESSION_MAINTAIN_PROPERTY is set. I just need to clean it up a bit
and let me know where to send it.
It doesn't follow all the RFC rules for host / domain / path
security, but then again neither does the current code, and I'm not
sure it matters in this case anyway.
--Joe
On Sep 1, 2007, at 1:06 AM, Joe Sunday wrote:
It looks like CXF only tracks JSESSIONID and throws away any other
cookies.
There's a bunch of non-java based services out there that use other
session cookies. If SESSION_MAINTAIN_PROPERTY is set, it should
track all the cookies on the session, not just JSESSIONID.
--Joe
