Created by: Benoit Coux on 18-05-2010 07:02:47 AM Hi, While testing our XML service on phone with 9.x firmwares, we discovered that it's not working anymore. Our analysis revealed that the problem appears with firmware 8.5 and above. What we noticed server-side is that the client SessionID changes each time a new page is called from the phone, which causes the loss of the sessioninformations used in our service. See below the exchanges before and now with the new firmwares: - Firmware 8.4 see lines 2 and 4 in file Firmware 8.4.2S same sessionID - Firmware 9.0 see lines 9 and 25 in file Firmware 9.0.2.1.SR different sessionID Did anyone had the same issue ? Is this the new behavior for the phones ? Regards Benoit
Subject: RE: SessionID renewed at each exchange starting with firmware 8.5 (and abov Replied by: David Staudt on 18-05-2010 02:54:33 PM What models of phones have you tested?
Subject: RE: SessionID renewed at each exchange starting with firmware 8.5 (and abov Replied by: Benoit Coux on 18-05-2010 03:33:24 PM We did test with the following models: 7940, 7975, 6941 and 8961. Regards Benoit
Subject: RE: SessionID renewed at each exchange starting with firmware 8.5 (and abov Replied by: David Staudt on 18-05-2010 04:52:16 PM Later phone firmware versions have received an updated HTTP implementation, which is generally more strict/observant than previous handlers. In this case it appears HTTP 1.0 rules indicates user-agents should not send cookies in 3xx redirection requests: http://www.w3.org/Protocols/rfc2109/rfc2109 in section "4.3.5 Sending Cookies in Unverifiable Transactions": <pre>"A transaction is verifiable if the user has the option to review the request-URI prior to its use in the transaction. A transaction is unverifiable if the user does not have that option. Unverifiable transactions typically arise when a user agent automatically requests inlined or embedded entities or when it resolves redirection (3xx) responses from an origin server."</pre> While a behaviour change from previous firmware versions, it appears the change is towards RFC compliance - i.e. fixing a privacy defect. A workaround could be to include a URL parameter (could be the cookie value) to identify the session.
Subject: RE: SessionID renewed at each exchange starting with firmware 8.5 (and abov Replied by: Benoit Coux on 26-05-2010 12:26:37 PM We performed further testing. In fact, in our application we were having a change of SessionID because of a Response.Redirect(url) action. After changing this behavior of our application, the application is now working fine. Benoit.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
