[ https://issues.apache.org/jira/browse/AXIS2-5608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kishanthan Thangarajah resolved AXIS2-5608.
-------------------------------------------

    Resolution: Fixed

Added the proposed fix in r1527429.

> Axis2 ignores cookie values other than JSESSIONID/axis_session from http 
> response headers
> -----------------------------------------------------------------------------------------
>
>                 Key: AXIS2-5608
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5608
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Kishanthan Thangarajah
>            Assignee: Kishanthan Thangarajah
>             Fix For: 1.7.0
>
>
> Currently in HTTPSenderImpl#obtainHTTPHeaderInformation, the Session Cookie 
> string is constructed by checking only JSESSIONID/axis_session from response 
> headers and then adding them as cookie string. It ignores other values which 
> are coming with Set-Cookie from response headers. This will cause issues with 
> session stickiness, if a client application tries to call some services via a 
> load-balancer, where the load-balancer has its own way of handling session 
> stickiness with its own cookie header.
> For example, if the requests are going through an Amazon ELB, it expects a 
> cookie named as "AWSELB" to identify the correct node. But this will fail, if 
> the client did not send that cookie with the request, as axis2 client 
> only sends the JSESSIONID.
> As a fix, we can remove the check for specific values (e.g., JSESSIONID), and 
> set whatever the Set-Cookie values coming with response headers as the Cookie 
> string value. This will not break any existing apps because it does not 
> remove any values; rather, it adds those missing values.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
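
The behaviour described in the issue, as an added example (not the code committed in r1527429 and not Axis2's own implementation): it builds the Cookie request header from a set of Set-Cookie values, once keeping only JSESSIONID/axis_session and once keeping every cookie. The class and method names are hypothetical, the sample header values are constructed, and the sketch does no domain, path or Secure scoping of cookies.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CookieHeaderDemo {
    // The two cookie names the issue says the old check was limited to.
    static final List<String> SESSION_NAMES = Arrays.asList("JSESSIONID", "axis_session");

    // Take the leading name=value pair of one Set-Cookie value and drop the
    // attributes (Path, HttpOnly, ...), which a client does not send back.
    static String nameValue(String setCookie) {
        int semi = setCookie.indexOf(';');
        return (semi < 0 ? setCookie : setCookie.substring(0, semi)).trim();
    }

    // Build the Cookie request header. sessionOnly=true models the behaviour
    // the issue reports; sessionOnly=false models the proposed fix.
    static String cookieHeader(List<String> setCookieValues, boolean sessionOnly) {
        List<String> pairs = new ArrayList<>();
        for (String value : setCookieValues) {
            String pair = nameValue(value);
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                continue; // not a name=value pair, nothing to send back
            }
            String name = pair.substring(0, eq).trim();
            if (sessionOnly && !SESSION_NAMES.contains(name)) {
                continue; // the load-balancer cookie is dropped here
            }
            pairs.add(pair);
        }
        return String.join("; ", pairs);
    }

    public static void main(String[] args) {
        // Constructed sample Set-Cookie values; the cookie values are made up.
        List<String> responseCookies = Arrays.asList(
            "JSESSIONID=0A1B2C3D; Path=/axis2; HttpOnly",
            "AWSELB=EXAMPLE-NODE-TOKEN; Path=/");
        System.out.println("session only: " + cookieHeader(responseCookies, true));
        System.out.println("all cookies : " + cookieHeader(responseCookies, false));
    }
}
```

With the session-only filter the AWSELB pair never reaches the next request, which is the stickiness failure the report describes.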
