Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.4
-
None
-
None
Description
The server is sending back headers like this:
-------------------------------------------------
HTTP/1.1 200 OK
Date: Fri, 09 Jan 2009 18:05:23 GMT
Server: IBM_HTTP_Server
Set-Cookie: LtpaToken2=AlaASQB98N6b..................
Set-Cookie: LtpaToken=S8+30Ie7dr+B+meD0h.................
Set-Cookie: JSESSIONID=0000Smpoi-vcwLrC8zOfHhio2Nt:1363qhvb2; Path=/; Domain=.xxx.yyy
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Connection: close
Content-Type: text/xml; charset=utf-8
Content-Language: en-US
<soap.........
-------------------------------------------------------
Note that there are 3 cookies - 'LtpaToken2', 'LtpaToken' and 'JSESSIONID'.
The way cookies are found in HTTPSender.handleCookie(String, String, String, MessageContext) is that String.indexOf(String) is used, and 'LtpaToken2' and 'LtpaToken' appear to be the same cookie.
if (key != null && oldCookie.indexOf(key) == 0) { // same cookie key
Because of this one of the cookies is not sent and bad things happen after that.