Hi Sebb,
further testing reveals a related problem between AjpSampler and cookies.
The AjpSampler always sends all cookies. It does not go through the
match() functionality of the CookieSpec.
One can argue whether that's good or not, because the AjpSampler doesn't
allow to configure the additional AJP13 data, like name of the reverse
proxy etc.
Unfortunately with my patch applied, we now use
getCookieHeaderForURL(url) (only the matching cookies) to add the data
for the GUI view of the cookies in the request, but getCookies() (all
cookies) for actually adding them to the AJP13 packets.
The CookieManager doesn't allow an unfiltered getCookiesHeader() nor
does it allow a raw getCookiesForURL().
Which way should we go? Use "all" for both data or "filtered" for both?
If we decide upon that, I can write the patch.
Further reasoning for HTTP as well as AJP:
The CookieSpec is used for two purposes. It does parsing and formatting,
and it also does validate() and match(). The property CHECK_COOKIES
allows to not do the validate(). I think it would be nice to use
CHECK_COOKIES also to disable the match() call against the spec and
instead use all cookies.
One situation where this is useful, is when you need to test against IP
addresses, but your servers return cookies with actual domain set.
Another situation is when you test against the individual nodes of a
farm, but the servers returns cookies matching the load balancer.
Finally this would also help to decide the above question about the
AjpSampler. It would be effectvely configurable, whether to filter or not.
It would be a nice addition to add that as a checkbox in the cooki
manager gui.
What do you think? If you like the idea I can provide patches.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
