users@glassfish.java.net

Comments needed on .NET, SOAP, and HTTP Session Cookies...

From: <glassfish_at_javadesktop.org>
Date: Fri, 19 Feb 2010 09:03:35 PST

Hi all!
Brand new to the group, brand new to Glassfish, but I'm hoping GlassFish will solve some problems we currently have - and finally let me get on with my life :)

I'll try to keep this as short as possible. First a little background...

For the past few months we have been working with a specific webservice gateway tool (NOT Glassfish) and it has worked fairly well, until...

About 3 months ago, a new service was laid on my desk to get setup - this is an external service that we only access - we don't control it.
I was simply charged with setting it up so our internal applications could access it through our gateway.

This particular (.NET - SOAP) service uses a session cookie, which is first acquired via a login process within the webresponse HTTP headers, then presented back to the webservice on subsequent service calls.
This process works wonderfully when I build a test application (.NET - C# or VB) that calls the service directly (not through the gateway.)
This all changes when I call through the gateway. The session cookie never reaches my application during the login process.
Using WireShark to watch the network traffic, I can clearly see the cookie being passed within the HTTP headers. I've also bastardized the (automatically built SOAP client via wsdl.exe) .NET code enough to at least show me the HTTP headers and I can see the cookie there as well.
What I've noticed, and what I believe to be the issue, is that the cookie has a Domain associated with the originating web service. When I make the call through the gateway, .NET is looking for a cookie associated with our gateway domain, NOT the originating domain and the 'cookieContainer' ends up null.
I've been back and forth with support and they tell me it is working as it should. I've had no luck getting the gateway to correct this.
I know I could spend a while coding to manually grab the cookie from the headers and manipulating it around the gateway - but if I tell our developers they will have to do the same in their apps, well - it won't be pretty... and that would defeat many of the purposes of having a webservice management tool in the first place.

So, this brings me to GlassFish. The question is, does this same scenario play well with GlassFish? Any success stories you can share?
I'm just starting to read the info, but if this one question is answered, I will, at the least, have a BIG reason to begin a switch over to GlassFish...

Here's hoping for some good news!
Thanks for listening...
[Message sent by forum member '14karat' (holcomba_at_helenachemical.com)]

http://forums.java.net/jive/thread.jspa?messageID=387636