[AWS] cookie

[David Marceau]

David Marceau wrote:
> 
> > Michal Morawski wrote:
> >
> > I have the following problem:
> >
> > Other server sent a cookie to client, then redirects cliebt to
> > AWS. Then AWS should read the value of this cookie and behave
> > properly.
> >
> > Can I do it in  simply?
> >
> > Micha? Morawski
> >
Hello again Mr. Morawski,

Ok back to clarifying what you asked for:
1)from a non-aws web server
2)redirecting a web browser to an AWS server
3)along with sending a non-aws cookie

What you are asking for is IMHO going to move the bad design from the
non-aws server to the aws architecture.  The reasons follow:
1)Any persistent data stored with the web browser if it is a real aws
session is stored with an aws session id in order to restore the state
of the web browser exactly as it was before.  This is a core intent of
the design IMHO.
2)Your non-aws web server cookie has no similar behaviour and the ada
web server can't respond to the web browser as if it were a previous aws
session.

3.1)The only way to accommodate what you want is to adjust the aws
source code when a web browser initiates a connection with AWS FOR THE
FIRST TIME with a non-aws cookie(s).  That's the only place IMHO it
makes sense without breaking the inherent session design built-into
aws.  In other words a non-aws cookie redirect from the web browser is
treated always as a first session with aws.
3.2)The only exception to this rule would be if the NON-AWS COOKIE
contains a convential AWS=... session id within it somehow.  I really
don't know how this would happen but it implies some kind of non-aws to
aws cookie protocol.  IMHO I would not recommend this since it seems
complicated and non-intuitive.

4.1)Another alternative would be to not send a non-aws cookie and just
send a parameter to the destined aws server.  IMHO this doesn't change
the fact that the redirect will still be considered as a new session
since there are no aws cookies passed in to the aws server from the web
browser.
4.2)Again the only exception to this rule would be if the cgi parm
passed contains a hint of an aws session id  within it somehow.  I
really don't know how this would happen but it implies some kind of
non-aws to aws cgi parm session id passing protocol.  IMHO I would not
recommend this since it seems complicated and non-intuitive.

To summarize: I think you can go for 3.1) keeping mind that this non-aws
server redirect is considered as a new aws connection which would
generate a new session id if this is necessary to get web browser
persistence for the aws-session.

I hope this makes sense.  Feel free to contradict me :)  I'm all ears :)

Cheers,
David Marceau