You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Andreas Veithen (JIRA)" <ji...@apache.org> on 2016/05/29 11:19:12 UTC

[jira] [Updated] (AXIS2-5608) Axis2 ignores cookie values other than JSESSIONID/axis_session from http response headers

     [ https://issues.apache.org/jira/browse/AXIS2-5608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Veithen updated AXIS2-5608:
-----------------------------------
    Fix Version/s:     (was: 1.7.0)

> Axis2 ignores cookie values other than JSESSIONID/axis_session from http response headers
> -----------------------------------------------------------------------------------------
>
>                 Key: AXIS2-5608
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5608
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Kishanthan Thangarajah
>            Assignee: Kishanthan Thangarajah
>
> Currently in HTTPSenderImpl#obtainHTTPHeaderInformation, the Session Cookie string is constructed by checking only JSEESIONID/axis_session from response headers and then adding them as cookie string. It ignores other values which are coming with Set-Cookie from response headers. This will cause issues with session stickiness, if a client application tries to call some services via a load-balancer, where the load-balancer has its own way of handling session stickiness with its own cookie header.
> For example, if the requests are going through an Amazon ELB, it expect a cookie named as "AWSELB" to identify the correct node. But this will fail, if the client did not send the that cookie with the request, as axis2 client only sends the JSESSIONID.
> As a fix, we can remove the check for specific values (eg : JSESSIONID), and set whatever the Set-Cookie values coming with response headers as the Cookie string value. This will not break any existing apps because, it does not remove any values rather it adds those missing values.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org