axis-java-dev mailing list archives

From "Davanum Srinivas (JIRA)" <>
Subject [jira] Commented: (AXIS-2045) HTTPSender - Cookie Management
Date Wed, 08 Jun 2005 20:58:17 GMT

Davanum Srinivas commented on AXIS-2045:

Please submit a patch ("cvs diff -u") against latest CVS.


> HTTPSender - Cookie Management
> ------------------------------
>          Key: AXIS-2045
>          URL:
>      Project: Axis
>         Type: Bug
>   Components: Basic Architecture
>     Versions: 1.2
>  Environment: WebService running behind SiteMinder.
>     Reporter: Subbarao Ayyagari

> The handleCookie method in has a couple of issues:
>      1. It assumes NAME=VALUE of a session cookie remains constant. To find out if a cookie already exists or not, it uses cookies.indexOf(cookie)==-1 check.
>          While the assumption that a session cookie's NAME=VALUE pair remains the same is true for most of the cases, it is not true with SiteMinder. SiteMinder's SMSESSION cookie has a different value each time a request is made. With the above check, the HTTPSender ends up thinking each unique SMSESSION=NEW_VALUE is a different cookie and adds it to the subsequent requests. This throws SiteMinder off as there are now multiple SMSESSION cookies.
>          One way to fix this is to check for NAME match rather than NAME=VALUE match in the list of cookies.
>      2. The class doesn't parse the "Set-Cookie" HEADER to see if the cookie is EXPIRED or not, thus causing it to send even the expired cookies back to the Server on subsequent requests. We can leverage some of the cookie parsing code in Apache Commons HttpClient library that smartly checks for expiry, domain, path etc.
> Thanks

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:
