[ http://issues.apache.org/jira/browse/AXIS-2045?page=all ]
Davanum Srinivas reassigned AXIS-2045:
--------------------------------------
Assign To: Jayachandra Sekhara Rao Sunkara
> HTTPSender - Cookie Management
> ------------------------------
>
> Key: AXIS-2045
> URL: http://issues.apache.org/jira/browse/AXIS-2045
> Project: Axis
> Type: Bug
> Components: Basic Architecture
> Versions: 1.2
> Environment: WebService running behind SiteMinder.
> Reporter: Subbarao Ayyagari
> Assignee: Jayachandra Sekhara Rao Sunkara
>
> The handleCookie method in HTTPSender.java has a couple of issues:
> 1. It assumes NAME=VALUE of a session cookie remains constant. To find
> out if a cookie already exists or not, it uses cookies.indexOf(cookie)==-1
> check.
> While the assumption that a session cookie's NAME=VALUE pair remains the
> same is true for most of the cases, it is not true with SiteMinder.
> SiteMinder's SMSESSION cookie has a different value each time a request is
> made. With the above check, the HTTPSender ends up thinking each unique
> SMSESSION=NEW_VALUE as a different cookie and adds it to the subsequent
> requests. This throws SiteMinder off as there are now multiple SMSESSION
> cookies.
> One way to fix this is to check for NAME match rather than
> NAME=VALUE match in the list of cookies.
> 2. The class doesn't parse the "Set-Cookie" HEADER to see if the cookie
> is EXPIRED or not, thus causing it to send even the expired cookies back to
> the Server on subsequent requests. We can leverage some of the cookie parsing
> code in Apache Commons HttpClient library that smartly checks for expiry,
> domain, path etc.
> Thanks
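The two behaviours the report asks for, replacing a cookie by NAME and dropping expired ones, shown as an added example; this is not code from Axis or from the reporter. The class `NameKeyedCookieStore` and its method names are hypothetical, the sample headers are constructed, and it uses the JDK's `java.net.HttpCookie` rather than Commons HttpClient and ignores domain and path scoping.

```java
import java.net.HttpCookie;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

/** Added sketch (hypothetical class, not Axis code): cookies keyed by NAME. */
public class NameKeyedCookieStore {
    // One entry per cookie name, so a re-issued value replaces the old one
    // instead of being appended as a second cookie with the same name.
    private final Map<String, String> cookies = new LinkedHashMap<>();

    /** Process the value of one Set-Cookie response header. */
    public void handleSetCookie(String headerValue) {
        // HttpCookie.parse understands Max-Age and Expires attributes.
        for (HttpCookie c : HttpCookie.parse(headerValue)) {
            if (c.hasExpired()) {
                cookies.remove(c.getName());            // expired: stop sending it
            } else {
                cookies.put(c.getName(), c.getValue()); // match on NAME only
            }
        }
    }

    /** Build the Cookie request header value, or null if nothing to send. */
    public String cookieHeader() {
        if (cookies.isEmpty()) {
            return null;
        }
        StringJoiner sj = new StringJoiner("; ");
        cookies.forEach((name, value) -> sj.add(name + "=" + value));
        return sj.toString();
    }

    public static void main(String[] args) {
        NameKeyedCookieStore store = new NameKeyedCookieStore();
        // Constructed sample headers; the cookie values are placeholders.
        store.handleSetCookie("SMSESSION=value-1; Path=/");
        store.handleSetCookie("JSESSIONID=abc; Path=/app");
        // Same name, new value: must replace, not add a second SMSESSION.
        store.handleSetCookie("SMSESSION=value-2; Path=/");
        System.out.println(store.cookieHeader());
        // Max-Age=0 marks the cookie as expired, so it is removed.
        store.handleSetCookie("JSESSIONID=gone; Max-Age=0");
        System.out.println(store.cookieHeader());
    }
}
```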