You are viewing a plain text version of this content. The canonical link for it is here.

Posted to soap-dev@xml.apache.org by Steve Jones <st...@netdecisions.co.uk> on 2001/04/04 17:44:32 UTC

Session scope and cookies...

I've been trying to set up a SOAP service using XML-SOAP that has session
scope.  The aim is to have the service authorised before access to the
informational items is allowed.  In order to get this done I had to 

a) Create my own SOAPHTTPConnection that is used in each of the calls

b) Modified Call.invoke so that the send line now reads

      // Post the call envelope.
      st.send(url, SOAPActionURI, st.getHeaders(), callEnv, smr, ctx);

c) Written a handler class that processes the cookies that are returned.

The problem is that because the headers is a hashtable indexed by the key
then only one cookie can be sent.  This is fine for my example as the only
cookie is the JSESSIONID, if however another cookie was sent it would be up
for grabs which one is sent back.

What should I really have done ?

Steve

Re: Session scope and cookies...

Posted by Scott Nichol <sn...@computer.org>.

If I understand RFC 2109 (http://www.ietf.org/rfc/rfc2109.txt?number=2109) correctly,
multiple cookies can (should?) be contained in a single Cookie or Set-Cookie header.

Scott Nichol
----- Original Message -----
From: "Steve Jones" <st...@netdecisions.co.uk>
To: "Soap-Dev (E-mail)" <so...@xml.apache.org>
Sent: Wednesday, April 04, 2001 11:44 AM
Subject: Session scope and cookies...


>
> I've been trying to set up a SOAP service using XML-SOAP that has session
> scope.  The aim is to have the service authorised before access to the
> informational items is allowed.  In order to get this done I had to
>
> a) Create my own SOAPHTTPConnection that is used in each of the calls
>
> b) Modified Call.invoke so that the send line now reads
>
>       // Post the call envelope.
>       st.send(url, SOAPActionURI, st.getHeaders(), callEnv, smr, ctx);
>
> c) Written a handler class that processes the cookies that are returned.
>
> The problem is that because the headers is a hashtable indexed by the key
> then only one cookie can be sent.  This is fine for my example as the only
> cookie is the JSESSIONID, if however another cookie was sent it would be up
> for grabs which one is sent back.
>
> What should I really have done ?
>
> Steve
>