Hi Joe,
Yes, CXF leverage the Jetty's session support to implement the session
maintaining. But I am not sure it just tracks the JSESSIONID.
You can create a JIRA [1] and attach the patch with it.
[1] http://issues.apache.org/jira/browse/CXF
Willem.
Joe Sunday wrote:
As a followup, I've got a patch for 2.0.1 that tracks all cookies if
SESSION_MAINTAIN_PROPERTY is set. I just need to clean it up a bit and
let me know where to send it.
It doesn't follow all the RFC rules for host / domain / path security,
but then again neither does the current code, and I'm not sure it
matters in this case anyway.
--Joe
On Sep 1, 2007, at 1:06 AM, Joe Sunday wrote:
It looks like CXF only tracks JSESSIONID and throws away any other
cookies.
There's a bunch of non-java based services out there that use other
session cookies. If SESSION_MAINTAIN_PROPERTY is set, it should track
all the cookies on the session, not just JSESSIONID.
--Joe
