You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Joe Sunday <su...@csh.rit.edu> on 2007/09/01 07:06:44 UTC
Broken SESSION_MAINTAIN_PROPERTY against non-jaxws servers
It looks like CXF only tracks JSESSIONID and throws away any other
cookies.
There's a bunch of non-java based services out there that use other
session cookies. If SESSION_MAINTAIN_PROPERTY is set, it should track
all the cookies on the session, not just JSESSIONID.
--Joe
On Aug 31, 2007, at 6:12 PM, Joe Sunday wrote:
> Thanks a bunch.
>
> One more question.. Is there a way to keep cookies automatically on
> a session?
>
> The remote end is sending a Set-Cookie: header on the first
> request, but it doesn't get sent back in future requests.
> I thought this was right from some googling, but it doesn't seem to
> work..
> ((BindingProvider)client).getRequestContext().put
> (BindingProvider.SESSION_MAINTAIN_PROPERTY, true);
>
> --Joe
>
> On Aug 31, 2007, at 2:17 PM, Daniel Kulp wrote:
Re: Broken SESSION_MAINTAIN_PROPERTY against non-jaxws servers
Posted by Willem Jiang <ni...@iona.com>.
Hi Joe,
Yes, CXF leverage the Jetty's session support to implement the session
maintaining. But I am not sure it just tracks the JSESSIONID.
You can create a JIRA [1] and attach the patch with it.
[1] http://issues.apache.org/jira/browse/CXF
Willem.
Joe Sunday wrote:
> As a followup, I've got a patch for 2.0.1 that tracks all cookies if
> SESSION_MAINTAIN_PROPERTY is set. I just need to clean it up a bit and
> let me know where to send it.
>
> It doesn't follow all the RFC rules for host / domain / path security,
> but then again neither does the current code, and I'm not sure it
> matters in this case anyway.
>
> --Joe
>
> On Sep 1, 2007, at 1:06 AM, Joe Sunday wrote:
>
>> It looks like CXF only tracks JSESSIONID and throws away any other
>> cookies.
>>
>> There's a bunch of non-java based services out there that use other
>> session cookies. If SESSION_MAINTAIN_PROPERTY is set, it should track
>> all the cookies on the session, not just JSESSIONID.
>>
>> --Joe
>
Re: Broken SESSION_MAINTAIN_PROPERTY against non-jaxws servers
Posted by Joe Sunday <su...@csh.rit.edu>.
As a followup, I've got a patch for 2.0.1 that tracks all cookies if
SESSION_MAINTAIN_PROPERTY is set. I just need to clean it up a bit
and let me know where to send it.
It doesn't follow all the RFC rules for host / domain / path
security, but then again neither does the current code, and I'm not
sure it matters in this case anyway.
--Joe
On Sep 1, 2007, at 1:06 AM, Joe Sunday wrote:
> It looks like CXF only tracks JSESSIONID and throws away any other
> cookies.
>
> There's a bunch of non-java based services out there that use other
> session cookies. If SESSION_MAINTAIN_PROPERTY is set, it should
> track all the cookies on the session, not just JSESSIONID.
>
> --Joe