axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim K. (Gmane)" <>
Subject Re: [BUG] multiple cookies handling bug
Date Thu, 06 Jan 2005 05:16:25 GMT
Correction: case 2) below is not valid, apparently one cannot set 
multiple cookies in the same Set-Cookie header, there needs to be a 
header per cookie (but when the cookies are sent back to the server 
multiple cookies can be in one Cookie header, that's where my confusion 
came from).

Case 1) still looks like a bug though.


Tim K. (Gmane) wrote:
> Hello Axis Developers & Users,
> I think I've discovered an Axis 1.2RC2 bug.
> Some servers use cookies to do load balancing, so in addition to the 
> JSESSIONID session tracking cookie the load balancer may insert its own 
> cookie in the HTTP response.
> There are 2 cases here:
> 1) The HTTP response will have 2 headers:
> Set-Cookie: JSESSIONID=......; path=/
> Set-Cookie: LoadBalancer=....; path=/
> It looks like the last cookie wins, the rest are discarded by the client 
>  and they are not passed back to the server when maintain session is 
> true, so the session is lost between requests.
> 2) The 2 cookies may appear in the same Set-Cookie header. From briefly 
> looking at the Axis processing code it looks like it trims anything past 
> the first ';' it encounters so in this case the first cookie would be 
> the only one maintained.
> Please let me know if this is a bug and I will file it if you tell me 
> where. If it's a known bug and possibly already fixed, please let me know.
> Thanks.

View raw message