+1
On Thu, Sep 26, 2013 at 2:15 AM, Sagara Gunathunga < [email protected]> wrote: > > > > On Tue, Sep 24, 2013 at 10:33 PM, Kishanthan Thangarajah < > [email protected]> wrote: > >> Hi, >> >> Currently in HTTPSenderImpl#obtainHTTPHeaderInformation, the Session >> Cookie string is constructed by checking only JSEESIONID/axis_session from >> response headers and then adding them as cookie string. It ignores other >> values which are coming with Set-Cookie from response headers. This will >> cause issues with session stickiness, if a client application tries to call >> some services via a load-balancer, where the load-balancer has its own way >> of handling session stickiness with its own cookie header. >> >> For example, if the requests are going through an Amazon ELB, it expect a >> cookie named as "AWSELB" to identify the correct node. But this will fail, >> if the client did not send the that cookie with the request, as axis2 >> client only sends the JSESSIONID. >> >> As a fix, what I'm proposing is, remove the check for specific values (eg >> : JSESSIONID), and set whatever the Set-Cookie values coming >> with response headers as the Cookie string value. This will not break any >> existing apps because, it does not remove any values rather it adds those >> missing values. >> >> WDYT? >> > > +1 > > Thanks ! > >> >> Thanks, >> Kishanthan. >> >> >> > > > -- > Sagara Gunathunga > > Blog - http://ssagara.blogspot.com > Web - http://people.apache.org/~sagara/ > LinkedIn - http://www.linkedin.com/in/ssagara > -- Thanks and Regards, Isuru
