[jira] [Commented] (AXIS2-5608) Axis2 ignores cookie values other than JSESSIONID/axis_session from http response headers

Sun, 29 Sep 2013 20:13:40 -0700 

    [ 
https://issues.apache.org/jira/browse/AXIS2-5608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13781588#comment-13781588
 ] 

Hudson commented on AXIS2-5608:
-------------------------------

SUCCESS: Integrated in Axis2 #2491 (See 
[https://builds.apache.org/job/Axis2/2491/])
fixing AXIS2-5608 by removing the specific check for JSESSIONID/axis_session 
and adding whatever the value(s) in the Set-Cookie header as session cookie 
(kishanthan: rev 1527429)
* 
/axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/impl/httpclient3/HTTPSenderImpl.java
* 
/axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/impl/httpclient4/HTTPSenderImpl.java


> Axis2 ignores cookie values other than JSESSIONID/axis_session from http 
> response headers
> -----------------------------------------------------------------------------------------
>
>                 Key: AXIS2-5608
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5608
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Kishanthan Thangarajah
>            Assignee: Kishanthan Thangarajah
>             Fix For: 1.7.0
>
>
> Currently in HTTPSenderImpl#obtainHTTPHeaderInformation, the Session Cookie 
> string is constructed by checking only JSEESIONID/axis_session from response 
> headers and then adding them as cookie string. It ignores other values which 
> are coming with Set-Cookie from response headers. This will cause issues with 
> session stickiness, if a client application tries to call some services via a 
> load-balancer, where the load-balancer has its own way of handling session 
> stickiness with its own cookie header.
> For example, if the requests are going through an Amazon ELB, it expect a 
> cookie named as "AWSELB" to identify the correct node. But this will fail, if 
> the client did not send the that cookie with the request, as axis2 client 
> only sends the JSESSIONID.
> As a fix, we can remove the check for specific values (eg : JSESSIONID), and 
> set whatever the Set-Cookie values coming with response headers as the Cookie 
> string value. This will not break any existing apps because, it does not 
> remove any values rather it adds those missing values.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to