Results 1 to 3 of 3

Thread: Soap request header attribute

Hybrid View

  1. #1
    Join Date
    Feb 2013
    Rep Power

    Default Soap request header attribute


    can anyone explain me the usage of soap header child named <authTokenControl> and <change> under <context> element. the standard structure for any soap request found in soap.txt.

    <soap:Envelope xmlns:soap="">
    <context xmlns="urn:zimbra">
    [<authTokenControl voidOnExpired="1"/>]
    [<session [id="{returned-from-server-in-last-response}" [seq="{highest_notification_received}"] [type="admin"]/>]
    [<account by="name|id">{account-name-or-id}</account>]
    [<change token="{change-id}" [type="mod|new"]/>]
    [<userAgent name="{client-name}" [version="{client-version}"]/>]
    [<format type="{response-format}" />]
    <FooRequest ... [requestId="{client-generated-id}"]>

  2. #2
    Join Date
    Aug 2010
    Rep Power


    authTokenControl was introduced as part of the changes for Bug 71479 ? Clear cookie when one parameter is set in Soap Request
    This is from Comment #19 of the bug, which I hope explains it:

            Added an optional <authTokenControl voidOnExpired="1"/> element in 
            soap context.  If this element is present, and if the incoming auth 
            token is expired, server will just "void"(i.e. set the mAuthToken 
            field in ZimbraSoapContext to null, as if there is no auth token for 
            the request ) the auth token instead of throwing AUTH_EXPIRED.
            The auth token can come in the <authToken> element in soap context, 
            or in a http cookie as a fallback,   <authTokenControl 
            voidOnExpired="1"/> does not distinguish the two cases.   It just 
            applies to the auth token object returned from the AuthProvider.
            In other words, if the incoming auth token is expired:
            - If <authTokenControl voidOnExpired="1"/> is not present, server 
            will throw AUTH_EXPIRED exception - nothing changed.
            - If <authTokenControl voidOnExpired="1"/> is present:
                  - if a valid auth token is required for the request, server 
            will throw AUTH_REQUIRED.
                  - otherwise, the request will go through
            <authTokenControl voidOnExpired="1"/> should be used with the 
            ClearCookieRequest.  Usage is when browser sends in expired auth 
            token cookie beyond the control of the web client code.   This 
            problem is triggered becasue we now set httpOnly attribute on auth 
            token cookie, as a result, client cannot get to or clear cookies 
            using javascript.    We can't rely on the Max-Age directive on the 
            cookie - we set Max-Age only when user opts to "remember me" (i.e. 
            ask browser to persist cookies after browser exits.).
    soap.txt does have something to say about <change>:

    Race Conditions
    To avoid race conditions, the client may specify the highest change ID
    that it knows about in the <change> header element.  The default behavior
    (type="mod") will cause mail.MODIFY_CONFLICT to be thrown if we try to
    modify an object that has been touched (flags, tags, folders, etc.) since
    the specified change ID.  Alternatively, type="new" will throw
    mail.MODIFY_CONFLICT if we try to modify an object that has been created
    or whose content has been modified since the specified change ID.
    In general, the sync client will use type="mod" and the web client will
    use type="new".
    In other words, if a modification just involved tagging an item, then if type="mod", mail.MODIFY_CONFLICT would be thrown but if type="new" it wouldn't.

    Hope that helps,
    Gren Elliot
    Lead Engineer - Server
    Zimbra | Community & Collaboration

  3. #3
    Join Date
    Feb 2013
    Rep Power


    thank you gren for replying.

Similar Threads

  1. How to read attribute value in soap response
    By hugo@dlshk in forum Zimlets
    Replies: 1
    Last Post: 04-12-2012, 07:59 PM
  2. Soap / attribute questions
    By stan92 in forum Developers
    Replies: 0
    Last Post: 07-22-2010, 08:06 AM
  3. Replies: 1
    Last Post: 03-07-2010, 05:25 AM
  4. invalid request: missing required attribute:
    By Johanna in forum Error Reports
    Replies: 0
    Last Post: 03-04-2010, 01:57 PM
  5. Replies: 2
    Last Post: 12-16-2008, 03:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts