Author Topic: Composer cookies - SessionID  (Read 3049 times)

Offline cavagnaro

  • Administrator
  • Hero Member
  • *****
  • Posts: 7639
  • Karma: 56330
Composer cookies - SessionID
« on: June 13, 2014, 02:09:02 PM »
Hi guys,
I have a requirement from a customer to keep the sessionID over the call. For me is not the best practice for working with WS but forgetting that...
Does anybody knows how can I achieve this by default? I saw some "session" objects on the common.js file but not sure yet how they work...
Any clue someone could provide?

Thanks guys

Offline cavagnaro

  • Administrator
  • Hero Member
  • *****
  • Posts: 7639
  • Karma: 56330
Re: Composer cookies - SessionID
« Reply #1 on: June 13, 2014, 06:59:43 PM »
Ok, going further with my tests....

I see that ASP.NET_sessionid cookie does come on the HTTP response from the WS, however is HTTPOnly.

I tried to capture the value of it on JSP, no success. I see that JSESSIONID is the one that keeps being the same, however on WebServices side:

Call WS1 -> Asp.Net_SessionID = 10000
Call WS2 -> Asp.Net_SessionID = 10001

Customer says that we should be able to set them but as it is a HTTPOnly cookie I think won't work as only browsers can handle it, correct?

Anyone has faced this issue?


Offline cavagnaro

  • Administrator
  • Hero Member
  • *****
  • Posts: 7639
  • Karma: 56330
Re: Composer cookies - SessionID
« Reply #2 on: June 16, 2014, 06:52:31 PM »
Just to keep track, the ASP cookie has the particularity to be hidden. So with this code I was able to get it:

[code]
for (String header1 : con.getHeaderFields().keySet()) {
  if (header1 != null) {
for (String value1 : con.getHeaderFields().get(header1)) {

logger.info(header1 + ":" + value1);


}
  }
  }
}
[/code]

After this now I can keep the ASP.Net session while the Tomcat session is alive too.