axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Samisa Abeysinghe <samisa_abeysin...@yahoo.com>
Subject Re: Handling sessions with cookies
Date Mon, 01 Nov 2004 11:15:06 GMT
Re: what is "secure" ->
This means that the cookie should only be sent over a secure channel (that is the server requires
it to be sent securely). Would make sense when we have a secure channel.

Re: "what does the web server do when it sees one with only these settings?" Does it expire
it at
a given time - probably  configurable per server? ->

It is the server that tell us about the path and the expire time. I think we have to be sensitive
to that as well. However, in case of web services, a differet path means a different service,
most
of the time. For me it does not make sense to keep the same session for different services.

Thanks,
Samisa...

--- John Hawkins <HAWKINSJ@uk.ibm.com> wrote:

> 
> 
> 
> 
> There is a question here "what does the web server do when it sees one with
> only these settings?" Does it expire it at a given time - probably
> configurable per server?
> 
> What are the other options - what is "secure" - sounds important - will
> this affect ?
> 
> Overall, I think we should look to be the same as Axis Java? However, when
> they change their support how do we ensure we keep in step?
> 
> John Hawkins
> 
> 
> 
> 
>                                                                            
>              Samisa Abeysinghe                                             
>              <samisa_abeysingh                                             
>              e@yahoo.com>                                               To 
>                                        axis-c-dev@ws.apache.org            
>              01/11/2004 10:35                                           cc 
>                                                                            
>                                                                    Subject 
>              Please respond to         Handling sessions with cookies      
>               "Apache AXIS C                                               
>              Developers List"                                              
>                                                                            
>                                                                            
>                                                                            
>                                                                            
> 
> 
> 
> 
> Hi All,
>    I am in the process of implementing support for sessions with Cookies.
> 
> The syntax for Set-Cookie header is:
> Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure
> 
> However, looking at how Axis Java has implemented it they just assume that
> there will only be
> NAME=VALUE and igniore the rest. If we also agree that this a reasonable
> assumption, I could
> implement cookie support very easily.
> 
> However, in case it is possible for web services to use 'path' in the
> Set-Cookie syntax, the
> client side cookie handling logic becomes a bit complex (see
> http://wp.netscape.com/newsref/std/cookie_spec.html). Should I KISS and do
> it like Aaxis Java or
> do I need to look further into an alorithm for dealing with 'path' in
> Set-Cookie.
> 
> Thoughts please...
> 
> Thanks,
> Samisa...
> 
> 
> 
> _______________________________
> Do you Yahoo!?
> Express yourself with Y! Messenger! Free. Download now.
> http://messenger.yahoo.com
> 
> 
> 



		
_______________________________
Do you Yahoo!?
Express yourself with Y! Messenger! Free. Download now. 
http://messenger.yahoo.com

Mime
View raw message