You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by Saradhi Vemuri <sa...@yahoo.com> on 2003/03/19 21:34:49 UTC

Session Problem

Hi,
I have been testing Axis1.0 Rel Under Tomcat 4.1.12
and sessions are not working properly when we have
authentication turned on and a WebService is deployed
as "Session" scope.

On the client setMaintainSession(true) has been done.

When Single Sign On is turned on in tomcat. It sends
JSESSIONIDSSO cookie. And since the WebService is
deployed at Session Scope, it sends back a JSESSIONID
named cookie. However the client returns only the last
listed cookie in the response.

A result of this is 
1 - After first call Auth takes place and a new
WebService object is created for the "new" session.
2 - Second request to the WebService results in the
JSESSIONID being sent and not the JSESSIONIDSSO.
Which re authenticates me - AND sends a new
JSESSIONIDSSO.

As a result of this the next request to the Server
results in only the JSESSIONIDSSO going in and not the
JSESSIONIDand this leads to my WebService losing
state.


Regards
Saradhi.

P.S : For clearer understanding I could post the TCP
Trace of the message flows of the headers.

__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com

Re: Session Problem

Posted by Steve Loughran <st...@iseran.com>.

Saradhi Vemuri wrote:
> Hi,
> I have been testing Axis1.0 Rel Under Tomcat 4.1.12
> and sessions are not working properly when we have
> authentication turned on and a WebService is deployed
> as "Session" scope.
> 
> On the client setMaintainSession(true) has been done.
> 
> When Single Sign On is turned on in tomcat. It sends
> JSESSIONIDSSO cookie. And since the WebService is
> deployed at Session Scope, it sends back a JSESSIONID
> named cookie. However the client returns only the last
> listed cookie in the response.
> 
> A result of this is 
> 1 - After first call Auth takes place and a new
> WebService object is created for the "new" session.
> 2 - Second request to the WebService results in the
> JSESSIONID being sent and not the JSESSIONIDSSO.
> Which re authenticates me - AND sends a new
> JSESSIONIDSSO.
> 
> As a result of this the next request to the Server
> results in only the JSESSIONIDSSO going in and not the
> JSESSIONIDand this leads to my WebService losing
> state.

Could be related to this bug in the code:
http://developer.java.sun.com/developer/bugParade/bugs/4242254.html

java.net doesnt let you set multiple cookies on connections any more.
you could, and someone reported this as a bug, and whoever maintains the 
source doesnt understand enough of the HTTP spec (an ongoing issue), so 
they turned the feature off.

What happens using the http library from the jakarta commons project & 
the latest Axis RC?