You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by Samisa Abeysinghe <sa...@yahoo.com> on 2004/11/01 11:35:39 UTC
Handling sessions with cookies
Hi All,
I am in the process of implementing support for sessions with Cookies.
The syntax for Set-Cookie header is:
Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure
However, looking at how Axis Java has implemented it they just assume that there will only be
NAME=VALUE and igniore the rest. If we also agree that this a reasonable assumption, I could
implement cookie support very easily.
However, in case it is possible for web services to use 'path' in the Set-Cookie syntax, the
client side cookie handling logic becomes a bit complex (see
http://wp.netscape.com/newsref/std/cookie_spec.html). Should I KISS and do it like Aaxis Java or
do I need to look further into an alorithm for dealing with 'path' in Set-Cookie.
Thoughts please...
Thanks,
Samisa...
_______________________________
Do you Yahoo!?
Express yourself with Y! Messenger! Free. Download now.
http://messenger.yahoo.com
Re: Handling sessions with cookies
Posted by Samisa Abeysinghe <sa...@yahoo.com>.
--- sanjaya singharage <sa...@opensource.lk> wrote:
> What exactly is a session in web services? Does it mean that a SOAP client
> can carry on a conversation with a webservice over time and that web service
> maintains it's state?
Yes.
Samisa...
>
> sanjaya.
>
>
> ----- Original Message -----
> From: "Samisa Abeysinghe" <sa...@yahoo.com>
> To: <ax...@ws.apache.org>
> Sent: Monday, November 01, 2004 4:35 PM
> Subject: Handling sessions with cookies
>
>
> > Hi All,
> > I am in the process of implementing support for sessions with Cookies.
> >
> > The syntax for Set-Cookie header is:
> > Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure
> >
> > However, looking at how Axis Java has implemented it they just assume that
> there will only be
> > NAME=VALUE and igniore the rest. If we also agree that this a reasonable
> assumption, I could
> > implement cookie support very easily.
> >
> > However, in case it is possible for web services to use 'path' in the
> Set-Cookie syntax, the
> > client side cookie handling logic becomes a bit complex (see
> > http://wp.netscape.com/newsref/std/cookie_spec.html). Should I KISS and do
> it like Aaxis Java or
> > do I need to look further into an alorithm for dealing with 'path' in
> Set-Cookie.
> >
> > Thoughts please...
> >
> > Thanks,
> > Samisa...
> >
> >
> >
> > _______________________________
> > Do you Yahoo!?
> > Express yourself with Y! Messenger! Free. Download now.
> > http://messenger.yahoo.com
> >
> >
>
>
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
Re: Handling sessions with cookies
Posted by sanjaya singharage <sa...@opensource.lk>.
What exactly is a session in web services? Does it mean that a SOAP client
can carry on a conversation with a webservice over time and that web service
maintains it's state?
sanjaya.
----- Original Message -----
From: "Samisa Abeysinghe" <sa...@yahoo.com>
To: <ax...@ws.apache.org>
Sent: Monday, November 01, 2004 4:35 PM
Subject: Handling sessions with cookies
> Hi All,
> I am in the process of implementing support for sessions with Cookies.
>
> The syntax for Set-Cookie header is:
> Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure
>
> However, looking at how Axis Java has implemented it they just assume that
there will only be
> NAME=VALUE and igniore the rest. If we also agree that this a reasonable
assumption, I could
> implement cookie support very easily.
>
> However, in case it is possible for web services to use 'path' in the
Set-Cookie syntax, the
> client side cookie handling logic becomes a bit complex (see
> http://wp.netscape.com/newsref/std/cookie_spec.html). Should I KISS and do
it like Aaxis Java or
> do I need to look further into an alorithm for dealing with 'path' in
Set-Cookie.
>
> Thoughts please...
>
> Thanks,
> Samisa...
>
>
>
> _______________________________
> Do you Yahoo!?
> Express yourself with Y! Messenger! Free. Download now.
> http://messenger.yahoo.com
>
>
Re: Handling sessions with cookies
Posted by Samisa Abeysinghe <sa...@yahoo.com>.
Re: what is "secure" ->
This means that the cookie should only be sent over a secure channel (that is the server requires
it to be sent securely). Would make sense when we have a secure channel.
Re: "what does the web server do when it sees one with only these settings?" Does it expire it at
a given time - probably configurable per server? ->
It is the server that tell us about the path and the expire time. I think we have to be sensitive
to that as well. However, in case of web services, a differet path means a different service, most
of the time. For me it does not make sense to keep the same session for different services.
Thanks,
Samisa...
--- John Hawkins <HA...@uk.ibm.com> wrote:
>
>
>
>
> There is a question here "what does the web server do when it sees one with
> only these settings?" Does it expire it at a given time - probably
> configurable per server?
>
> What are the other options - what is "secure" - sounds important - will
> this affect ?
>
> Overall, I think we should look to be the same as Axis Java? However, when
> they change their support how do we ensure we keep in step?
>
> John Hawkins
>
>
>
>
>
> Samisa Abeysinghe
> <samisa_abeysingh
> e@yahoo.com> To
> axis-c-dev@ws.apache.org
> 01/11/2004 10:35 cc
>
> Subject
> Please respond to Handling sessions with cookies
> "Apache AXIS C
> Developers List"
>
>
>
>
>
>
>
>
> Hi All,
> I am in the process of implementing support for sessions with Cookies.
>
> The syntax for Set-Cookie header is:
> Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure
>
> However, looking at how Axis Java has implemented it they just assume that
> there will only be
> NAME=VALUE and igniore the rest. If we also agree that this a reasonable
> assumption, I could
> implement cookie support very easily.
>
> However, in case it is possible for web services to use 'path' in the
> Set-Cookie syntax, the
> client side cookie handling logic becomes a bit complex (see
> http://wp.netscape.com/newsref/std/cookie_spec.html). Should I KISS and do
> it like Aaxis Java or
> do I need to look further into an alorithm for dealing with 'path' in
> Set-Cookie.
>
> Thoughts please...
>
> Thanks,
> Samisa...
>
>
>
> _______________________________
> Do you Yahoo!?
> Express yourself with Y! Messenger! Free. Download now.
> http://messenger.yahoo.com
>
>
>
_______________________________
Do you Yahoo!?
Express yourself with Y! Messenger! Free. Download now.
http://messenger.yahoo.com
Re: Handling sessions with cookies
Posted by John Hawkins <HA...@uk.ibm.com>.
There is a question here "what does the web server do when it sees one with
only these settings?" Does it expire it at a given time - probably
configurable per server?
What are the other options - what is "secure" - sounds important - will
this affect ?
Overall, I think we should look to be the same as Axis Java? However, when
they change their support how do we ensure we keep in step?
John Hawkins
Samisa Abeysinghe
<samisa_abeysingh
e@yahoo.com> To
axis-c-dev@ws.apache.org
01/11/2004 10:35 cc
Subject
Please respond to Handling sessions with cookies
"Apache AXIS C
Developers List"
Hi All,
I am in the process of implementing support for sessions with Cookies.
The syntax for Set-Cookie header is:
Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure
However, looking at how Axis Java has implemented it they just assume that
there will only be
NAME=VALUE and igniore the rest. If we also agree that this a reasonable
assumption, I could
implement cookie support very easily.
However, in case it is possible for web services to use 'path' in the
Set-Cookie syntax, the
client side cookie handling logic becomes a bit complex (see
http://wp.netscape.com/newsref/std/cookie_spec.html). Should I KISS and do
it like Aaxis Java or
do I need to look further into an alorithm for dealing with 'path' in
Set-Cookie.
Thoughts please...
Thanks,
Samisa...
_______________________________
Do you Yahoo!?
Express yourself with Y! Messenger! Free. Download now.
http://messenger.yahoo.com