[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wsrp] initCookie
but there might still be valid cookies, so why do not forward them? Our spec is a little bit vague here, it says: " If at any time the Producer throws a fault message (" Interface.InvalidCookie") indicating the supplied cookies have been invalidated at the Producer, then the Consumer MUST again invoke initCookie () and SHOULD reprocess the invocation that caused the fault message to be thrown and include any data that may have been stored in a session related to a cookie. " If I read it, it says that all cookies passed to an operation which returns an InvalidCookie fault are invalid? This would mean that a) is correct since consumers are required to pass all cookies received back to the producer (based on the cookie rules). Given that, Rich this means that this fault and a subsequent initCookie() indeed chang the set of cookies. Mit freundlichen Gruessen / best regards, Richard Jacob ______________________________________________________ IBM Lab Boeblingen, Germany Dept.8288, WebSphere Portal Server Development Phone: ++49 7031 16-3469 - Fax: ++49 7031 16-4888 Email: mailto:richard.jacob@de.ibm.com |---------+----------------------------> | | Andre Kramer | | | <andre.kramer@eu.| | | citrix.com> | | | | | | 06/24/2003 03:58 | | | PM | |---------+----------------------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| | | | To: wsrp@lists.oasis-open.org | | cc: | | Subject: RE: [wsrp] initCookie | >--------------------------------------------------------------------------------------------------------------------------------------------------| However, option (a) still seems a reasonable alternative (i.e. throw out all cookies rather than forwarding current cookie collection). I hope producers will not depend on (b), as that will mean even more dependence on what in my view is a questionable legacy mechanism. regards, Andre -----Original Message----- From: Rich Thompson [mailto:richt2@us.ibm.com] Sent: 24 June 2003 14:35 To: wsrp@lists.oasis-open.org Subject: Re: [wsrp] initCookie Yes, the current set should always be being pruned due to expiry and filtered based on domain/path. I think the interesting question is when neither of these change the cookie set and yet an InvalidCookie fault is returned. The spec says the Consumer must invoke initCookie (), presumably passing the valid set of cookies, and then should reinvoke the operation. The key is allowing the initCookie() response to update the set of current cookies (as can any other call). Rich Thompson Subbu Allamaraju <subbu@bea.com> To: wsrp@lists.oasis-open.org 06/24/2003 08:52 AM cc: Subject: Re: [wsrp] initCookie Rich Thompson wrote: > > Wouldn't be the most sensible if the initCookie() invocation carried all > the currently known cookies, but that only those returned on the > response were carried forward to future invocations? In the spirit of RFC2109, IMO, don't you think that the correct approach would be to return just valid cookies (unexpired, matching domain/path, scheme etc.)? This may be hard to do, but sending stale/invalid cookies could be problematic for a number of applications (I'm not referring to app servers coping with invalid cookies). So, my understanding is that, folloing an InvalidCookie fault, the consumer may send any valid cookies (if there are any, including the set that just caused the fault) for that producer. Subbu > > Rich Thompson > > > *Andre Kramer <andre.kramer@eu.citrix.com>* > > 06/24/2003 06:30 AM > > > To: "'David Ward'" <david.ward@oracle.com>, Andre Kramer > <andre.kramer@eu.citrix.com> > cc: WSRP <wsrp@lists.oasis-open.org> > Subject: RE: [wsrp] initCookie > > > > > I agree JSESSIONID has no special significance. While (a) seems more > strict, I'm fine with (b), but wanted to flush out any problems app > servers may have with expired cookies. > > regards, > Andre > -----Original Message-----* > From:* David Ward [mailto:david.ward@oracle.com]* > Sent:* 24 June 2003 11:15* > To:* Andre Kramer* > Cc:* WSRP* > Subject:* Re: [wsrp] initCookie > > > > Andre Kramer wrote: > > One question I have, now that we have multiple cookies, is which > cookie(s) are invalidated by the InvalidCookie fault? > > Or to put it another way: Should the initCookie(), following an > InvalidCookie fault, forward (a) no cookies (b) all currently stored > cookies or (c) only cookie(s) set by last initCookie() response. > > (b) sounds the most sensible to me - you are following cookie semantics > and can leave it to the Producer to decide what to do with each > (potentially expired) cookie. I can't believe that app servers will have > problems with expired cookies being sent. > > I don't like the overhead of tracking (c), and (b) may give some app > servers problems if some of the cookies are really dead. I suppose it is > up to the consumer to return anything it likes, but are people ok with > (a) after the JSESSIONID cookie expires? > > regards, > > Isn't JSESSIONID Java servlet specific? I don't think you should start > giving significance to certain cookies in the protocol if at all possible. > > > Andre > > > -- > > ------------------------------------------------------------------------ > *David Ward* > Principal Software Engineer > Oracle Portal > Oracle European Development Centre > 520 Oracle Parkway > Thames Valley Park > Reading > Berkshire RG6 1RA > UK > *Email:* > _david.ward@oracle.com_ < mailto:david.ward@oracle.com> > *Tel:* > +44 118 924 5079 > *Fax:* > +44 118 924 5005 > > > > > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wsrp/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]