Cookie getting overwritten when client connects to multiple servers.

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Cookie getting overwritten when client connects to multiple servers.

santhoshs123
We have client-server deployment implemented using Axis2 where multiple clients can connect to a single server and also a single client can connect to multiple servers(many - many), all connections are statefull.

Since many clients can connect to a single server and each connection is statefull, we are internally maintaining stateful sessions in the server. In the initial login call from client, we create a new internal session in the server and assign Cookie "SESSIONID" to http response, so that for further requests from the client internal session will be identified using the cookie "SESSIONID" attached to the request.

Problem: when client connects to two servers, cookie set in the first server gets overwritten by cookie set in the second server.
1. Client connects to Server1.
2. Server1 creates and attaches Cookie "SESSIONID" with value 1.
3. Further requests from Client to Server1 are successful as it uses cookie with value 1.
4. Client connects to Server2.
5. Server2 creates and attaches Cookie "SESSIONID" with value 2.
6. Further requests from Client to Server2 are successful as it uses cookie with value 2.
7. From now on any requests to Server1 is having cookie with value 2, looks like cookies value got overwritten in client side.
8. Since the cookie value 2 is not recognized in Server1, it rejects.

Please let me know how we can avoid overwriting of cookie? Is there any settings available? Or in client, do I need to manually persist cookie information for each server connection and set the corresponding cookie information to MessageContext property before calling any request?

Thanks in advance.

-Santhosh
Reply | Threaded
Open this post in threaded view
|

AW: Cookie getting overwritten when client connects to multiple servers.

Stadelmann Josef-2
Santhosh
Did you ever read about scope="soapsession" ? this in contrast to ="application", ="transport" ="session". In scope="soapsession"
the server issues a ServiceGroupId with the response to the initial request. The server has a init() and destroy() method in addition to business oriented methods (called implicit on initial request). The client has to send this ServicegroupId with each consecutive request in its addressing-headers. And this makes hitting the same service-providing-object (an instance of the class) with each request. Also Jaxws supports annotations for state full service providers. (I have not used that yet, but it's on my scope and wish list). BUT - I cannot say if and what role SESSIONID cookies play. This just a hint.
Josef

-----Ursprüngliche Nachricht-----
Von: santhoshs123 [mailto:[hidden email]]
Gesendet: Mittwoch, 6. März 2013 23:41
An: [hidden email]
Betreff: Cookie getting overwritten when client connects to multiple servers.

We have client-server deployment implemented using Axis2 where multiple clients can connect to a single server and also a single client can connect to multiple servers(many - many), all connections are statefull.

Since many clients can connect to a single server and each connection is statefull, we are internally maintaining stateful sessions in the server. In the initial login call from client, we create a new internal session in the server and assign Cookie "SESSIONID" to http response, so that for further requests from the client internal session will be identified using the cookie "SESSIONID" attached to the request.

Problem: when client connects to two servers, cookie set in the first server gets overwritten by cookie set in the second server.
1. Client connects to Server1.
2. Server1 creates and attaches Cookie "SESSIONID" with value 1.
3. Further requests from Client to Server1 are successful as it uses cookie with value 1.
4. Client connects to Server2.
5. Server2 creates and attaches Cookie "SESSIONID" with value 2.
6. Further requests from Client to Server2 are successful as it uses cookie with value 2.
7. From now on any requests to Server1 is having cookie with value 2, looks like cookies value got overwritten in client side.
8. Since the cookie value 2 is not recognized in Server1, it rejects.

Please let me know how we can avoid overwriting of cookie? Is there any settings available? Or in client, do I need to manually persist cookie information for each server connection and set the corresponding cookie information to MessageContext property before calling any request?

Thanks in advance.

-Santhosh



--
View this message in context: http://axis.8716.n7.nabble.com/Cookie-getting-overwritten-when-client-connects-to-multiple-servers-tp111918.html
Sent from the Axis Java - Dev mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: AW: Cookie getting overwritten when client connects to multiple servers.

santhoshs123
Hi Josef,

Thanks for your time and reply.

Yes I read about scope="soapsession", currently we are using scope="application". There are multiple reasons why we are using "application" and why we cannot change it to "soapsession"

1. Server initialization takes pretty long time as it has to collect lots of data as part of the initialization.
2. Server bootstrap is done as part of initialization, so bootstrap is called only once since we are using application scope.
3. For internal sessions we time out based on idle time for which we run our own configurable counters.
4. Once session is timed out, server throws exception and client has to reset the context(our internal thing) to server(note: we still use same connection though, it is just internal time out and reset)
4. Already many partners have implemented server implementation and we cannot afford to change it.
5. Apart from this(cookie overwriting) issue, everything else works perfectly fine for us using application scope.

Basically, touching anything in server side is not in our hands except for few configuration settings. So please let me know if you think of any solution which can be done in client side. As I have also mentioned in the description, does persisting these cookies in client side and setting them in MessageContext property for each request helps?

Thanks,
Santhosh
Reply | Threaded
Open this post in threaded view
|

Re: Cookie getting overwritten when client connects to multiple servers.

santhoshs123
In reply to this post by santhoshs123
After more investigation found that we can get rid of this by setting unique cookie names for each of the servers. If we set unique cookie names, axis sends all those cookies to each server along with every API call. This solution does not look that clean and if there are huge number of servers(lets say 500) to which our client is connecting to at any given point in time then we will end up having(and sending) 500 cookies along with each API call(if not restricted).

Later with more investigation found that Axis2 provides us a feature to avoid overwriting of cookies with same names when connected to multiple servers by setting the custom cookie id. By going through Axis source code(AbstractHTTPSender.java), I think Axis tries to extract the cookie with name Constants.CUSTOM_COOKIE_ID(set using setProperty) from the response and attaches it to ServiceContext so that the next request to that server will be attached with cookie extracted in previous response.

I tried doing this but was not successful in getting the expected results, still the cookies were getting overwritten. Hope and wish that I am doing some thing wrong here, below is how I set Constants.CUSTOM_COOKIE_ID

         ServiceClient serviceClient = stub._getServiceClient()
         Options options = serviceClient.getOptions();
         options.setManageSession(true);
         options.setTimeOutInMilliSeconds(timeoutInMilliseconds);
         options.setProperty(Constants.CUSTOM_COOKIE_ID, "XXXSESSIONID");
         serviceClient.setOptions(options);

After this I expect Axis to handle the cookie overwriting but does not seem like that. I feel there is something wrong the way I am setting the property.

Guys, please let me know your views on this. I am completely stuck with this problem.

Note: we are using scope=application and that cannot be changed.
Reply | Threaded
Open this post in threaded view
|

RE: Cookie getting overwritten when client connects to multiple servers.

Martin Gainty
MG> options.setManageSession(true);
 
setManageSession
public void setManageSession(boolean manageSession)
Set session management enabled state. When session management is enabled, the engine will automatically send session data (such as the service group id, or HTTP cookies) as part of requests.
Parameters:
manageSession - true if enabling sessions
 
you are specifically requesting your cookies be session scoped.. (not request or application) 
 
http://axis.apache.org/axis2/java/core/api/org/apache/axis2/client/Options.html#setManageSession(boolean)

Martin-

 

> Date: Tue, 12 Mar 2013 02:18:07 -0700

> From: [hidden email]
> To: [hidden email]
> Subject: Re: Cookie getting overwritten when client connects to multiple servers.
>
> After more investigation found that we can get rid of this by setting unique
> cookie names for each of the servers. If we set unique cookie names, axis
> sends all those cookies to each server along with every API call. This
> solution does not look that clean and if there are huge number of
> servers(lets say 500) to which our client is connecting to at any given
> point in time then we will end up having(and sending) 500 cookies along with
> each API call(if not restricted).
>
> Later with more investigation found that Axis2 provides us a feature to
> avoid overwriting of cookies with same names when connected to multiple
> servers by setting the custom cookie id. By going through Axis source
> code(AbstractHTTPSender.java), I think Axis tries to extract the cookie with
> name Constants.CUSTOM_COOKIE_ID(set using setProperty) from the response and
> attaches it to ServiceContext so that the next request to that server will
> be attached with cookie extracted in previous response.
>
> I tried doing this but was not successful in getting the expected results,
> still the cookies were getting overwritten. Hope and wish that I am doing
> some thing wrong here, below is how I set Constants.CUSTOM_COOKIE_ID
>
> ServiceClient serviceClient = stub._getServiceClient()
> Options options = serviceClient.getOptions();
> options.setManageSession(true);
> options.setTimeOutInMilliSeconds(timeoutInMilliseconds);
> options.setProperty(Constants.CUSTOM_COOKIE_ID, "XXXSESSIONID");
> serviceClient.setOptions(options);
>
> After this I expect Axis to handle the cookie overwriting but does not seem
> like that. I feel there is something wrong the way I am setting the
> property.
>
> Guys, please let me know your views on this. I am completely stuck with this
> problem.
>
> Note: we are using scope=application and that cannot be changed.
>
>
>
> --
> View this message in context: http://axis.8716.n7.nabble.com/Cookie-getting-overwritten-when-client-connects-to-multiple-servers-tp111918p111999.html
> Sent from the Axis Java - Dev mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
Reply | Threaded
Open this post in threaded view
|

RE: Cookie getting overwritten when client connects to multiple servers.

santhoshs123
Martin,

Thanks for taking time to reply my query.

Our client connects to multiple servers of similar nature but reporting different data, and each server sets a cookie with name "XXXSESSIONID"(identical name across all the servers) on its response but when the cookie comes to client it gets overwritten by each others, inside Axis there seem to be only one shared cookie maintained for all the servers which gets overwritten.

Even I was thinking that setting ManageSession to true should handle this, but cookies are getting overwritten  when single client connects to multiple servers. And when I set unique name to cookies of each server then this problem won't be seen but client sends all the cookies to each one of the server.

For example: Lets say client is connecting to 2 servers, each sets cookie with name SESSIONID1 and SESSIONID2 respectively, but next time when client calls any API to the Server1 it sends both the cookies and to Server2 also it sends both the cookies, but the order in which it is sent is for Server1, first SESSIONID2 then SESSIONID1 and for Server2 in reverse order.

When we maintain identical cookie name it overwrites Server1's cookie with Server2's.

After going through few documents I feel setting Constants.CUSTOM_COOKIE_ID solves this problem, but it is not making any difference for me. So I thought, the way I am setting this property is not correct.

Please let me know if you need any more clarifications.
Reply | Threaded
Open this post in threaded view
|

Re: Cookie getting overwritten when client connects to multiple servers.

santhoshs123
In reply to this post by santhoshs123
Hi Folks,

I figured out the solution for this. Thank you all for having a look at this post. Below is the solution

Axis provides a way to avoid overwriting of cookies from different servers by capturing the cookie which is having the specified name, the cookie name can be specified by setting ServiceContext properties with key "Constants.CUSTOM_COOKIE_ID". If HTTPResponse header of any API response contains the cookie specified then Axis captures that cookie and sets it on to ServiceContext properties with key "HTTPConstants.COOKIE_STRING". If client sets this captured cookie on to ServiceClient.Options with same key then Axis adds this cookie to HTTPRequest header of each API called using the corresponding ServiceClient. By doing this, Client can make sure that the cookies with the same name but from different services won't be overwritten in client by Axis as they will be saved in their corresponding ServiceClients.

Below are the steps to follow:
1. Specify name of the cookie to be captured by Axis. This property can be specified when we initialize the stub. If the property "Constants.CUSTOM_COOKIE_ID" is set then Axis tries to find and capture the specified cookie from HTTP Respose header of each API call and if it finds, Axis sets that cookie (ex: "cookieName=value") into ServiceContext property "HTTPConstants.COOKIE_STRING".
          stub._getServiceClient().getServiceContext().setProperty(Constants.CUSTOM_COOKIE_ID, "XXXSESSIONID");
2. Get the captured cookie from ServiceContext properties and set it on to stub.ServiceClient.Options so that future API calls using this stub(to particular service) will be attached with this captured cookie. This can be done after the API call for which the server is supposed to set cookie.
         String sessionCookie = (String) stub._getServiceClient().getServiceContext().getProperty(HTTPConstants.COOKIE_STRING);
         options = stub._getServiceClient().getOptions();
         options.setProperty(HTTPConstants.COOKIE_STRING, sessionCookie);
         stub._getServiceClient().setOptions(options);

Thanks again to all of you.

If anybody needs any help in the future, please ask your questions here I will try to assist you.

-Santhosh