On Tue, Sep 24, 2013 at 10:33 PM, Kishanthan Thangarajah < [email protected]> wrote:

> Hi,
>
> Currently in HTTPSenderImpl#obtainHTTPHeaderInformation, the Session
> Cookie string is constructed by checking only JSESSIONID/axis_session from
> response headers and then adding them as cookie string. It ignores other
> values which are coming with Set-Cookie from response headers. This will
> cause issues with session stickiness, if a client application tries to call
> some services via a load-balancer, where the load-balancer has its own way
> of handling session stickiness with its own cookie header.
>
> For example, if the requests are going through an Amazon ELB, it expects a
> cookie named as "AWSELB" to identify the correct node. But this will fail,
> if the client did not send that cookie with the request, as axis2
> client only sends the JSESSIONID.
>
> As a fix, what I'm proposing is, remove the check for specific values (e.g.:
> JSESSIONID), and set whatever the Set-Cookie values coming
> with response headers as the Cookie string value. This will not break any
> existing apps because, it does not remove any values rather it adds those
> missing values.
>
> WDYT?
>

+1

Thanks !

>
> Thanks,
> Kishanthan.
>

--
Sagara Gunathunga

Blog - http://ssagara.blogspot.com
Web - http://people.apache.org/~sagara/
LinkedIn - http://www.linkedin.com/in/ssagara
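
The two behaviours discussed in this thread, side by side, as an added Java example (not Axis2 code and not the proposed patch): `sessionOnly` keeps only JSESSIONID/axis_session, while `allCookies` forwards every name=value pair received in Set-Cookie. The class name, method names and sample header values are constructed for illustration.

```java
import java.util.*;
import java.util.stream.Collectors;

// Illustrative only: CookieHeaderDemo and its methods are hypothetical names, not Axis2 APIs.
public class CookieHeaderDemo {
    // Session cookie names mentioned in the thread
    static final Set<String> SESSION_NAMES = Set.of("JSESSIONID", "axis_session");

    // Parse Set-Cookie values into name -> value. Attributes (Path, Domain, Secure, ...)
    // are discarded here, so this sketch does not enforce cookie scoping.
    static Map<String, String> parse(List<String> setCookieValues) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String header : setCookieValues) {
            // The cookie pair is everything before the first ';'
            String pair = header.split(";", 2)[0].trim();
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // missing name or '=': skip malformed header
            cookies.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return cookies;
    }

    static String join(Map<String, String> cookies) {
        return cookies.entrySet().stream()
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("; "));
    }

    // Behaviour described as current: only the known session cookies are sent back
    static String sessionOnly(List<String> setCookieValues) {
        Map<String, String> c = parse(setCookieValues);
        c.keySet().retainAll(SESSION_NAMES);
        return join(c);
    }

    // Behaviour proposed: every cookie from the response is sent back
    static String allCookies(List<String> setCookieValues) {
        return join(parse(setCookieValues));
    }

    public static void main(String[] args) {
        // Constructed sample response headers
        List<String> response = Arrays.asList(
            "JSESSIONID=0123456789ABCDEF; Path=/services; HttpOnly",
            "AWSELB=EXAMPLEVALUE; PATH=/; MAX-AGE=3600");
        System.out.println("Cookie: " + sessionOnly(response)); // load-balancer cookie is dropped
        System.out.println("Cookie: " + allCookies(response));  // load-balancer cookie is kept
    }
}
```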
