Geek Answers Handbook

LCDS & Flex - preventing DuplicateHTTPSession errors after logging out

I have a flex / LCDS stack where I found that after logging out I often (but not always) start getting errors Duplicate HTTP Sessionon the client.

Here are the important facts of the stack:

  • The flex client has an entry / exit function for the application. After logging out, the page does not refresh. (Consequently, the Flex application and the basic one mx.messaging.FlexClientremain initialized)
  • The user can open several tabs.
  • per-client-authenticationset to false- we are trying to achieve SSO (integration with CAS), so the user principle is associated with JSession.
  • The problem is most obvious when using long polls for messaging, as well as when opening two (or more) tabs.
  • The problem is very complex when playing using RTMP channels or streaming.
  • The user is tied to JSession - that is, if he logs in to Tab1, they will log in to Tab2.
  • When a user exits from any tab, Jsession is invalid.

Here is my current theory of what causes the problem:

  • Tab1 (T1) Starts the client → Issued ClientId1 (C1) → Created JSession1 (J1)
  • Tab2 (T2) Starts the client → Issued by ClientId2 (C2) → Included in J1
  • T1 logs in → J1 Unaffected
  • T2 logs in → J1 Unaffected
  • T1 and T2 Both subscribe, start the survey by amflongpolling
  • T1 sends logout -> J1 Invalidated -> J2 created
  • T2 sends a poll (versus J1)
  • T1 exit completed, returns with J2, updates cookie

The last two calls create a conflict where LCDS sees what FlexClientseems to be related to 2 JSessions.

:

Server.Processing.DuplicateSessionDetected HTTP-based FlexSessions, , - . cookie .

. .. , , , , .

, , , , , , JSession, Jsession.

?

Update

, , , .

, , JSessions , JSP RemoteObject.

Flex , RemoteObject , FlexClient DSid, , .

, JSession ( LCS FlexSession/Client-Side FlexClient) ( , ) - session.invalidate() - JSession.

, Tab2 JSession, HTTP. , LCDS DuplicateHTTPSession, Jsessions, , , Tab1, , JSession. , Tab1 , DuplicateHTTPSession, .

, Flex , , ( ) . ( , :)

 // Reset DSid to get a new FlexSession established on LCDS
   use namespace mx_internal

   public function resetFlexSession()
   {
        FlexClient.getInstance().id = null;  
        // Note - using FlexClient.NULL_ID also doesn't work.
   }
+5
3

- , , , , , , . ( , ).

, ( CF ), .

"FlexClient.getInstance(). id = null;" , , , .

, , , .

, RemoteServer, createComplete , :

// Not sure if this is needed anymore, but I'm leaving it in
FlexClient.getInstance().id = null;

, , :

    public function login(event:Event): void {

        Swiz.executeServiceCall(roUsers.login(),
            function (event:ResultEvent): void {
                // Handle a successful login here...
            }
            , function (faultevent:FaultEvent): void {
                // This code fixes this issue with IE tabs dying and leaving Flex with a Duplicate Session problem.
                if (faultevent.fault.faultString.indexOf("duplicate")) {
                  FlexClient.getInstance().id = null;
                  Swiz.dispatchEvent(event);
                }
        });

    }

.

, , , .

, , , . , CHARM .

, SWIZ , .

, , IE, , - Dead Tab, IE.

, , .

!

+1

LCDS, , . :

... [LCDS] , FlexClient, , .

, FlexClients , , FlexClients .

, :

  • jsp
    "The jsp page could both create a session for the client application and return an html wrapper to the client which would load the swf."
  • "which would automatically create a session for the client application on the server"
0

, , ;

Some browsers (such as Internet Explorer) apply domain naming rules to cookies, which means that a code domain such as "my_clientX.server.com", although it can return valid BlazeDS responses, will constantly trigger repeated session notifications in the form access to the cookie will be blocked.

Changing the name to a valid name (without underscore) will fix the problem.

0
source

More articles:


All Articles