axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deepal Jayasinghe (JIRA)" <>
Subject [jira] Resolved: (AXIS2-839) Session cookie implementation in SimpleHttpServer is error prone
Date Mon, 26 Jun 2006 08:34:30 GMT
     [ ]
Deepal Jayasinghe resolved AXIS2-839:

    Resolution: Fixed

Applied the patch

Thank for sending patches

> Session cookie implementation in SimpleHttpServer is error prone
> ----------------------------------------------------------------
>          Key: AXIS2-839
>          URL:
>      Project: Apache Axis 2.0 (Axis2)
>         Type: Improvement

>   Components: transports
>     Versions: 1.0
>     Reporter: Oleg Kalnichevski
>  Attachments: simplehttpserver-sessioncookie.patch
> (1) Presently both SimpleHttpServer and AbstractHTTPSender are unable to differentiate
session cookies from other cookies. The first cookie found the request / response is assumed
to contain the session identifier. For instance, these perfectly valid HTTP requests will
cause the session manager to pick a wrong session context
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue
> Cookie: urn:uuid:xxxxx
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue, urn:uuid:xxxxx
> The patch attempts to rectify the situation by giving the session cookie a distinguishable
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue
> Cookie: axis_session=urn:uuid:xxxxx
> POST /whatever HTTP/1.1
> Cookie: somecookie=somevalue, axis_session=urn:uuid:xxxxx
> (2) The patch also fixes the incorrect handling of Set-Cookie2 headers in the AbstractHTTPSender

> Please note the patch may break badly written clients dependent on the existing session
cookie implementation.
> Oleg

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message