Server.Processing.DuplicateSessionDetected

Sep 2, 2009 8:35 AM

Hi,

 

I am using BlazeDS remote objects in my application and the following is the error I am getting.

 

faultCode:Server.Processing.DuplicateSessionDetected

faultString:'Detected duplicate HTTP - based FlexSessions, generally due to the remote host disabling session cookies. Session coolkies must be enable to manage the client connection correctly.'

faultDetail: 'null'

 

Along with this error I also get the following error most times.

faultCode:Server.Processing

faultString:'There was an unhandler failure on the server. The FlexSession is invalid.'

faultCode:'null'

 

My environment for the application is as follows:

 

Server - WebSphere v6.1

Browser - IE 6, Mozilla 3.x. I have tried on both the browsers and it occurs in both of them.

Flex - Flex SDK - 3.2

Java - Java 5.0

 

My application is as follows:

I have configured BlazeDS on the server side to access remote objects to get data onto the client, which is written in Flex/ActionScript.

 

When I run the application it seems to run fine. But at times the above error occurs. I am unable to reproduce this error AT WILL. I am not sure about the reason that this error seems to occur.

 

I have attached the config files for my application. The limit being 3 files, the one remaining, services-config.xml, is as below:

 

<?xml version="1.0" encoding="UTF-8"?>
<services-config>

    <services>
        <service-include file-path="remoting-config.xml" />
        <service-include file-path="proxy-config.xml" />
        <service-include file-path="messaging-config.xml" />
    </services>

    <security>
        <login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
    </security>

    <channels>

        <channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
            <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
            <properties>
                <polling-enabled>false</polling-enabled>
            </properties>
        </channel-definition>

        <channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
            <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
            <properties>
                <!--HTTPS requests on some browsers do not work when pragma "no-cache" are set-->
                <add-no-cache-headers>false</add-no-cache-headers>
            </properties>
        </channel-definition>

        <channel-definition id="my-polling-amf" class="mx.messaging.channels.AMFChannel">
            <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amfpolling" class="flex.messaging.endpoints.AMFEndpoint"/>
            <properties>
                <polling-enabled>true</polling-enabled>
                <polling-interval-seconds>4</polling-interval-seconds>
            </properties>
        </channel-definition>

    </channels>

    <logging>
        <target class="flex.messaging.log.ConsoleTarget" level="Error">
            <properties>
                <prefix>[BlazeDS] </prefix>
                <includeDate>false</includeDate>
                <includeTime>false</includeTime>
                <includeLevel>false</includeLevel>
                <includeCategory>false</includeCategory>
            </properties>
            <filters>
                <pattern>Endpoint.*</pattern>
                <pattern>Service.*</pattern>
                <pattern>Configuration</pattern>
            </filters>
        </target>
    </logging>

    <system>
        <redeploy>
            <enabled>false</enabled>
        </redeploy>
    </system>

</services-config>

 

It has been quite some time that I have been unable to resolve the issue. Any help in resolving the issue is appreciated.

 

Thanks a bunch..!!

 

Please let me know if you need to know anything else regarding the issue.

Replies
  • Feb 1, 2010 2:06 AM   in reply to gauravnasit

    Have you ever found the problem that was causing this? We're running into the same problems and have a pretty similar set up.

     
  • Feb 23, 2010 11:05 AM   in reply to Ron Pasch

    For us too, this problem only appears under WebSphere 6.2. Under Tomcat there is no issue. There must be more people using BlazeDS on WebSphere, right? Anyone got an idea?

     
  • Mar 11, 2010 6:31 AM   in reply to gauravnasit

    We have the same issue... using Tomcat proxied by Apache.

    Any ideas?

     
  • Mar 15, 2010 2:04 AM   in reply to gauravnasit

    Hi,

     

    Same problem here with Flex and ColdFusion 9.

     

    It's very annoying; I looked for a solution with no luck.

     

    Aubry

     
  • Mar 15, 2010 4:58 AM   in reply to aubweb

    Hi.

     

    The client needs to be able to maintain session with the server for BlazeDS to work properly. When a BlazeDS application connects to the server over an endpoint, a FlexClient is created on the server and associated with the JEE session. The id of the FlexClient is returned to the Flex application as the DSID header on the response message and then the Flex application will pass this DSID header with every request.

     

    There are some situations where a single application could have more than one FlexClient. For example, if your application uses two different endpoints to communicate with the server at the same time there would be a different FlexClient for each endpoint. Also, if you loaded two BlazeDS applications into a parent application as sub-apps, each BlazeDS sub-app would have its own FlexClient.

     

    The duplicate session detected errors come from the FlexClient id on the request already being associated with a different JEE session on the server. A FlexClient can only be associated with a single session. BlazeDS checks that the FlexClient id on the request and the JEE session for the request (this will be represented by either a JSESSIONID session cookie header or jsessionid url parameter) are what it expects. If the FlexClient id is already associated with another session we throw an error.

     

    In most cases these errors stem from two initial ping requests getting made to the server at roughly the same time. This could be the application connecting up to the server over two endpoints or two sub-apps in a parent application connecting to the server at the same time. If the client doesn't have a session with the server when these requests go out, a JEE session will be created for each request. Also a FlexClient will get created for each request and associated with its respective JEE session. The problem happens when the responses get sent back to the client. Each response will have a different session cookie header. The last response will win and its session cookie header will get stored by the browser. Now, when additional requests get made to the server, the JEE session will only be correct for one of the endpoints or sub apps. The other one will cause duplicate session detected errors.

     

    The solution for this in most cases is to make sure that you already have a session with the server before connecting up over two endpoints at the same time. There are a number of ways you can implement this in your application which I won't go into in detail here.

     

    It sounds like people are getting these errors for a number of reasons. Hopefully understanding how the duplicate session detection works will help you debug your issues.

     

    For anyone who is interested, I have also blogged about this topic in detail here.

     

    http://www.alexglosband.com/?p=3
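
The race described in the post above, as an added Python model (not BlazeDS code and not part of the original thread): two initial pings leave before any session cookie exists, then the same two endpoints connect after one request has already established the session. The `Server`, `Browser` and `Channel` classes are hypothetical simplifications; the channel ids `my-amf` and `my-polling-amf` are taken from the services-config.xml posted earlier.

```python
import itertools
from dataclasses import dataclass
from typing import Optional


class DuplicateSessionDetected(Exception):
    """Stand-in for the Server.Processing.DuplicateSessionDetected fault."""


@dataclass
class Response:
    set_cookie: Optional[str]  # new JSESSIONID, if the server created a session
    dsid: str                  # FlexClient id returned in the DSId header


@dataclass
class Channel:
    name: str
    dsid: Optional[str] = None  # unknown until the first response arrives


class Server:
    """Hypothetical model: a FlexClient may belong to one JEE session only."""

    def __init__(self):
        self._session_ids = itertools.count(1)
        self._client_ids = itertools.count(1)
        self.sessions = set()
        self.client_session = {}  # DSId -> JSESSIONID it was first seen with

    def handle(self, cookie, dsid):
        set_cookie = None
        if cookie not in self.sessions:  # no valid session cookie: create one
            cookie = set_cookie = f"S{next(self._session_ids)}"
            self.sessions.add(cookie)
        if dsid is None:  # first request on this channel: create a FlexClient
            dsid = f"C{next(self._client_ids)}"
        bound = self.client_session.setdefault(dsid, cookie)
        if bound != cookie:  # FlexClient already tied to another session
            raise DuplicateSessionDetected(f"{dsid} is bound to {bound}, not {cookie}")
        return Response(set_cookie, dsid)


class Browser:
    """Holds a single JSESSIONID; the last Set-Cookie received wins."""

    def __init__(self, server):
        self.server = server
        self.cookie = None

    def send(self, channels):
        # Requests sent "at roughly the same time" all carry the cookie the
        # jar held when they left, whatever the responses later change.
        snapshot = self.cookie
        results = {}
        for ch in channels:
            try:
                resp = self.server.handle(snapshot, ch.dsid)
            except DuplicateSessionDetected:
                results[ch.name] = "DuplicateSessionDetected"
                continue
            if resp.set_cookie:
                self.cookie = resp.set_cookie
            ch.dsid = resp.dsid
            results[ch.name] = "ok"
        return results


def race_without_session():
    """Two endpoints ping concurrently before any session exists."""
    browser = Browser(Server())
    amf, polling = Channel("my-amf"), Channel("my-polling-amf")
    first = browser.send([amf, polling])   # two sessions, two FlexClients
    second = browser.send([amf, polling])  # only one cookie survived
    return first, second, browser.cookie


def session_established_first():
    """One request completes first, so both endpoints share its session."""
    browser = Browser(Server())
    amf, polling = Channel("my-amf"), Channel("my-polling-amf")
    browser.send([amf])                    # creates the session and its cookie
    first = browser.send([amf, polling])
    second = browser.send([amf, polling])
    return first, second, browser.cookie


if __name__ == "__main__":
    print(race_without_session())
    print(session_established_first())
```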

     
  • Mar 15, 2010 7:23 AM   in reply to Alex Glosband

    Hi,

    Thanks Alex!
    "The solution for this in most cases is to make sure that you already have a session with the server before connecting up over two endpoints at the same time. There are a number of ways you can implement this in your application which I won't go into in detail here."
    I am using ColdFusion 9 and in my application.cfm I've put:
    <cfapplication name="App name"
    SESSIONMANAGEMENT="Yes"
    SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 30, 0)#">
    This doesn't fix my issue.
    I have only one CFM page (with html inside) that holds my application swf (Flex app) and of course many cfc's (in a separate folder, but same server)
    Like this :
    --My server
    --------My app
    -----------------application.cfm
    -----------------index.cfm
    -----------------myapp.swf
    --------CFC folder
    -----------------application.cfm
    -----------------folder 1
    ---------------------------mycfc1.cfc
    ---------------------------mycfc2.cfc
    -----------------folder 2
    --------------------------- ...
    --------------------------- ...
    --------------------------- ...
    -----------------folder 3
    --------------------------- ...
    --------------------------- ...
    I don't know what to do ... sometimes I receive this error more than 100 times a day...
    Regards,
    Aubry

     
  • Mar 15, 2010 7:42 AM   in reply to aubweb

    How easy is it for you to reproduce the error?

     

    I'd like to know what is the situation that is causing you to get these errors. It doesn't sound like you have the problem I discussed with two ping requests reaching the server at roughly the same time.

     

    If you can reproduce the problem relatively easily/consistently, I would try to use a tool like Charles to capture the traffic between the client and the server. If you can get a capture log where you encounter this error, I can take a look at it for you and let you know if I think it's a bug/problem in BlazeDS.

     

    If it's not that easy to reproduce consistently, I would turn on server side logging in BlazeDS, get the problem to happen and then send me your log file to look at. You'll want to turn on Debug level logging with a filter pattern of "*".

     

    Here are instructions for setting up server side logging in BlazeDS.

     

    http://livedocs.adobe.com/blazeds/1/blazeds_devguide/help.html?content=services_logging_3.html

     

    You can just reply back to this thread and attach your capture log, server side log file or both and I will take a look at them for you. Thanks.

     

    -Alex

     
  • Mar 16, 2010 2:17 AM   in reply to Alex Glosband

    Hi Alex,

     

    Here are 2 messages I logged :

     

    [BlazeDS]Unhandled error when processing a message: flex.messaging.LocalizedException: The FlexSession is invalid.
      incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage) 
        operation = send
        clientId = null
        destination = ColdFusion
        messageId = FB94EF44-690D-DBE3-F267-660FA1384663
        timestamp = 0
        timeToLive = 0
        body = null
        hdr(DSId) = 302C30DE-6B1B-C98F-7AFC-F6A91976A6C2
        hdr(DSEndpoint) = my-cfamf
      errorReply: Flex Message (flex.messaging.messages.ErrorMessage) 
        clientId = null
        correlationId = FB94EF44-690D-DBE3-F267-660FA1384663
        destination = ColdFusion
        messageId = 302C77CB-281C-2661-8A77-36779E4FD20D
        timestamp = 1268727660968
        timeToLive = 0
        body = null
        code =  Server.Processing
        message =  There was an unhandled failure on the server. The FlexSession is invalid.
        details =  null
        rootCause =  null
        body =  null
        extendedData =  null
      Exception: flex.messaging.LocalizedException: The FlexSession is invalid.
         at flex.messaging.FlexSession.checkValid(FlexSession.java:916)
         at flex.messaging.FlexSession.addSessionDestroyedListener(FlexSession.java:382)
         at flex.messaging.client.FlexClient.registerFlexSession(FlexClient.java:1084)
         at flex.messaging.endpoints.AbstractEndpoint.setupFlexClient(AbstractEndpoint.java:939)
         at flex.messaging.endpoints.BaseHTTPEndpoint.setupFlexClient(BaseHTTPEndpoint.java:374)
         at flex.messaging.endpoints.AbstractEndpoint.setupFlexClient(AbstractEndpoint.java:910)
         at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:92)
         at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
         at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
         at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
         at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
         at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
         at coldfusion.flash.messaging.CFAMFEndPoint.service(CFAMFEndPoint.java:200)
         at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:322)
         at coldfusion.flex.ColdFusionMessageBrokerServlet.service(ColdFusionMessageBrokerServlet.java:51)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
         at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
         at com.intergral.fusionreactor.filter.FusionReactorFilter.b(FusionReactorFilter.java:376)
         at com.intergral.fusionreactor.filter.FusionReactorFilter.c(FusionReactorFilter.java:254)
         at com.intergral.fusionreactor.filter.FusionReactorFilter.doFilter(FusionReactorFilter.java:164)
         at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
         at coldfusion.filter.FlashRequestControlFilter.doFilter(FlashRequestControlFilter.java:71)
         at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
         at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
         at jrun.servlet.FilterChain.service(FilterChain.java:101)
         at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
         at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
         at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
         at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
         at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
         at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
         at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
         at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
         at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
    
     
    

     

    Second one  :

     

    [BlazeDS]Unhandled error when processing a message: flex.messaging.LocalizedException: The FlexSession is invalid.
      incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage) 
        operation = whosWho
        clientId = null
        destination = ColdFusion
        messageId = F8466371-6DE8-F9CF-4E1C-663DAFC61884
        timestamp = 0
        timeToLive = 0
        body = null
        hdr(DSId) = 309D602C-A41A-FCA1-648B-99CC42F72A26
        hdr(DSEndpoint) = my-cfamf
      errorReply: Flex Message (flex.messaging.messages.ErrorMessage) 
        clientId = null
        correlationId = F8466371-6DE8-F9CF-4E1C-663DAFC61884
        destination = ColdFusion
        messageId = 309D8B89-B739-6BBA-E19B-BE633F48035F
        timestamp = 1268730696359
        timeToLive = 0
        body = null
        code =  Server.Processing
        message =  There was an unhandled failure on the server. The FlexSession is invalid.
        details =  null
        rootCause =  null
        body =  null
        extendedData =  null
      Exception: flex.messaging.LocalizedException: The FlexSession is invalid.
         at flex.messaging.FlexSession.checkValid(FlexSession.java:916)
         at flex.messaging.FlexSession.addSessionDestroyedListener(FlexSession.java:382)
         at flex.messaging.client.FlexClient.registerFlexSession(FlexClient.java:1084)
         at flex.messaging.endpoints.AbstractEndpoint.setupFlexClient(AbstractEndpoint.java:939)
         at flex.messaging.endpoints.BaseHTTPEndpoint.setupFlexClient(BaseHTTPEndpoint.java:374)
         at flex.messaging.endpoints.AbstractEndpoint.setupFlexClient(AbstractEndpoint.java:910)
         at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:92)
         at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
         at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
         at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
         at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
         at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
         at coldfusion.flash.messaging.CFAMFEndPoint.service(CFAMFEndPoint.java:200)
         at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:322)
         at coldfusion.flex.ColdFusionMessageBrokerServlet.service(ColdFusionMessageBrokerServlet.java:51)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
         at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
         at com.intergral.fusionreactor.filter.FusionReactorFilter.b(FusionReactorFilter.java:376)
         at com.intergral.fusionreactor.filter.FusionReactorFilter.c(FusionReactorFilter.java:254)
         at com.intergral.fusionreactor.filter.FusionReactorFilter.doFilter(FusionReactorFilter.java:164)
         at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
         at coldfusion.filter.FlashRequestControlFilter.doFilter(FlashRequestControlFilter.java:71)
         at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
         at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
         at jrun.servlet.FilterChain.service(FilterChain.java:101)
         at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
         at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
         at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
         at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
         at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
         at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
         at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
         at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
         at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
    
    
    

     

    I hope this can help you ...

     
  • Mar 16, 2010 11:48 AM   in reply to aubweb

    Hello

    I'm using BlazeDS 3.2.0.3978.

    Websphere 6.1.0.19 ND

    Remote objects are secured (I have to ChannelSet.login to have access to them).

     

    There is a serious bug in this "Server.Processing.DuplicateSessionDetected" logic.

    I got some logs like this. This was generated by a request, not by the listener:

     

     

    [16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Endpoint.FlexSession] FlexSession with id 'Do9YTIeVtzr3cpWTqdyhiBt' for an Http-based client connection has been invalidated.
    [16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Client.FlexClient] FlexClient with id '34BAAB4F-380D-02DB-595F-A1B159B9A5D8' has been invalidated.
    [16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Endpoint.FlexSession] FlexSession with id '2fPy3VD9O3rVndCI5szGkhc' for an Http-based client connection has been invalidated.
    [16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Endpoint.FlexSession] FlexSession created with id 'WotGiKMDnkHbbTYzs5KTL7c' for an Http-based client connection.
    [16/03/10 14:33:27:792 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.792 [DEBUG] [Message.General] Error handling message: flex.messaging.endpoints.DuplicateSessionException: Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
    

     

    For the same request, blaze is invalidating my first flex session, after this it invalidates my flex client, invalidates a second flex session and after that creates a new third flex session, throwing the error...

     

    I found a pattern here. This error happens when my session is invalidated by an active request. When the session is invalidated by the listener, blazeds will throw a "Client.Authentication" error. Let me put this in an example. I can reproduce the error following the steps below:

    1 - Set my session timeout to 1 (1 min) in web.xml

    2 - Make some requests to the application.

    3 - Wait 1 min idle, but not much more.

    4 - Make another request to blazeds BEFORE the listener logs that it's invalidating the session, but after the timeout (like, in 1 min and 5 secs).

    5 - BAM. Session creations and invalidations, and error "Server.Processing.DuplicateSessionDetected" thrown.

     

     

    If I wait for the messages of the listener invalidating the session:

     

    [16/03/10 15:06:51:592 GMT-03:00] 0000009f SystemOut     O [BlazeDS]03/16/2010 15:06:51.592 [DEBUG] [Client.FlexClient] FlexClient with id '34BAAB4F-380D-02DB-595F-A1B159B9A5D8' has been invalidated.
    [16/03/10 15:06:51:592 GMT-03:00] 0000009f SystemOut     O [BlazeDS]03/16/2010 15:06:51.592 [DEBUG] [Endpoint.FlexSession] FlexSession with id '3GIr4jTEVc4ERD42F0011Hp' for an Http-based client connection has been invalidated.
    

     

    and make another request, blazeds will create a new client (the same invalidated before), a new flex session and then will throw me a "Client.Authentication" saying that "Login required before authorization can proceed." which is fine because my application is handling this and showing the login window again.

     

     

    So, plz help!

     

    I just don't want to abandon flex right now but if I can't encounter a solution other than compiling my own blaze version I'll have to abandon flex :-(

     

     

     

    Edit:

    Also, if you remove the listener from web.xml you will see the "Server.Processing.DuplicateSessionDetected" and the following pattern for every request after the session expired. It seems the request after session expiration creates a new session but then blazeds checks my stored client and the session id. It's not a match, then blaze invalidates all three objects (new session, old session and flex client) and then creates a new session to throw the error after:

     

    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [DEBUG] [Endpoint.FlexSession] FlexSession created with id '7RMvovV6cMmEjFc635Q2pPQ' for an Http-based client connection.
    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [INFO] [Endpoint.General] Channel endpoint my-amf received request.
    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [DEBUG] [Endpoint.AMF] Deserializing AMF/HTTP request
    Version: 3
      (Message #0 targetURI=null, responseURI=/10)
        (Array #0)
          [0] = (Typed Object #0 'flex.messaging.messages.RemotingMessage')
            source = null
            operation = "consultarCilindros"
            destination = "cadastroCilindroService"
            messageId = "F31D4D5E-7FBA-4A87-107C-684170BBBDDD"
            timeToLive = 0
            timestamp = 0
            body = (Array #1)
              [0] = "9860"
              [1] = "VIRGEM"
              [2] = null
              [3] = 1
            clientId = "358154BD-2C0D-1116-F735-8BD33DEA3291"
            headers = (Object #2)
              DSEndpoint = "my-amf"
              DSId = "35811815-D409-BFE7-064F-450503D46B7A"
    
    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [DEBUG] [Endpoint.FlexSession] FlexSession with id 'YhzDTcrOPG5AGIQA7KLCHZ1' for an Http-based client connection has been invalidated.
    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [DEBUG] [Client.FlexClient] FlexClient with id '35811815-D409-BFE7-064F-450503D46B7A' has been invalidated.
    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [DEBUG] [Endpoint.FlexSession] FlexSession with id '7RMvovV6cMmEjFc635Q2pPQ' for an Http-based client connection has been invalidated.
    [16/03/10 15:34:30:412 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.412 [DEBUG] [Endpoint.FlexSession] FlexSession created with id 'YhzDTcrOPG5AGIQA7KLCHZ1' for an Http-based client connection.
    [16/03/10 15:34:30:443 GMT-03:00] 00000093 SystemOut     O [BlazeDS]03/16/2010 15:34:30.443 [DEBUG] [Message.General] Error handling message: flex.messaging.endpoints.DuplicateSessionException: Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
      incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage) 
        operation = consultarCilindros
        clientId = 358154BD-2C0D-1116-F735-8BD33DEA3291
        destination = cadastroCilindroService
        messageId = F31D4D5E-7FBA-4A87-107C-684170BBBDDD
        timestamp = 0
        timeToLive = 0
        body = null
        hdr(DSEndpoint) = my-amf
        hdr(DSId) = 35811815-D409-BFE7-064F-450503D46B7A
      errorReply: Flex Message (flex.messaging.messages.ErrorMessage) 
        clientId = 358154BD-2C0D-1116-F735-8BD33DEA3291
        correlationId = F31D4D5E-7FBA-4A87-107C-684170BBBDDD
        destination = cadastroCilindroService
        messageId = 3587BA4D-7B0B-1846-73DD-399AA4C2F806
        timestamp = 1268764470443
        timeToLive = 0
        body = null
        code =  Server.Processing.DuplicateSessionDetected
        message =  Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
        details =  null
        rootCause =  null
        body =  null
        extendedData =  null
    
     
    

     

    It seems the session invalidation triggered by a request is the trouble, throwing the exception "Server.Processing.DuplicateSessionDetected" when it wasn't supposed to. I don't have access to SVN here from my work place but when I get home I'll check out the code and see if I can discover more about this.
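
One way to check a server log for the pattern described in the post above, as an added Python example (not part of the original thread and not BlazeDS code): group BlazeDS debug lines by WebSphere thread id and report whether a DuplicateSessionException was preceded, on the same thread, by FlexSession and FlexClient invalidations. The first seven sample lines are copied from the logs in the post and the last one is constructed; the one-second window and the verdict strings are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Seven lines copied from the logs posted above, plus one constructed line
# (thread 000000a1) showing a fault with no invalidation on its thread.
SAMPLE_LOG = """
[16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Endpoint.FlexSession] FlexSession with id 'Do9YTIeVtzr3cpWTqdyhiBt' for an Http-based client connection has been invalidated.
[16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Client.FlexClient] FlexClient with id '34BAAB4F-380D-02DB-595F-A1B159B9A5D8' has been invalidated.
[16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Endpoint.FlexSession] FlexSession with id '2fPy3VD9O3rVndCI5szGkhc' for an Http-based client connection has been invalidated.
[16/03/10 14:33:27:776 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.776 [DEBUG] [Endpoint.FlexSession] FlexSession created with id 'WotGiKMDnkHbbTYzs5KTL7c' for an Http-based client connection.
[16/03/10 14:33:27:792 GMT-03:00] 00000096 SystemOut     O [BlazeDS]03/16/2010 14:33:27.792 [DEBUG] [Message.General] Error handling message: flex.messaging.endpoints.DuplicateSessionException: Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
[16/03/10 15:06:51:592 GMT-03:00] 0000009f SystemOut     O [BlazeDS]03/16/2010 15:06:51.592 [DEBUG] [Client.FlexClient] FlexClient with id '34BAAB4F-380D-02DB-595F-A1B159B9A5D8' has been invalidated.
[16/03/10 15:06:51:592 GMT-03:00] 0000009f SystemOut     O [BlazeDS]03/16/2010 15:06:51.592 [DEBUG] [Endpoint.FlexSession] FlexSession with id '3GIr4jTEVc4ERD42F0011Hp' for an Http-based client connection has been invalidated.
[16/03/10 16:00:00:000 GMT-03:00] 000000a1 SystemOut     O [BlazeDS]03/16/2010 16:00:00.000 [DEBUG] [Message.General] Error handling message: flex.messaging.endpoints.DuplicateSessionException: (constructed line)
"""

# WebSphere SystemOut prefix, thread id, then the BlazeDS category and message.
LINE = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}:\d{3}) [^\]]+\] "
    r"(?P<thread>[0-9a-f]{8}) SystemOut\s+O \[BlazeDS\]\S+ \S+ "
    r"\[\w+\] \[(?P<cat>[\w.]+)\] (?P<msg>.*)$"
)
WINDOW = timedelta(seconds=1)  # assumption: one request finishes within 1 s


def event_kind(cat, msg):
    """Map a BlazeDS log message to the event this triage cares about."""
    if "DuplicateSessionException" in msg:
        return "duplicate"
    if msg.endswith("has been invalidated."):
        if cat == "Endpoint.FlexSession":
            return "session_invalidated"
        if cat == "Client.FlexClient":
            return "client_invalidated"
    return None


def triage(lines):
    """Return {thread id: verdict} for threads that invalidated or faulted."""
    by_thread = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # message dumps, stack traces, blank lines
        kind = event_kind(m["cat"], m["msg"])
        if kind:
            ts = datetime.strptime(m["ts"], "%d/%m/%y %H:%M:%S:%f")
            by_thread[m["thread"]].append((ts, kind))

    verdicts = {}
    for thread, events in by_thread.items():
        dup_times = [ts for ts, kind in events if kind == "duplicate"]
        if not dup_times:
            # Invalidation that raised no fault, e.g. by the session listener.
            if any(kind.endswith("_invalidated") for _, kind in events):
                verdicts[thread] = "invalidation without fault"
            continue
        first = dup_times[0]
        before = {k for ts, k in events if timedelta(0) <= first - ts <= WINDOW}
        if {"session_invalidated", "client_invalidated"} <= before:
            verdicts[thread] = "fault after in-request invalidation"
        else:
            verdicts[thread] = "fault without invalidation"
    return verdicts


if __name__ == "__main__":
    for thread, verdict in triage(SAMPLE_LOG.splitlines()).items():
        print(thread, verdict)
```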

     
  • Mar 18, 2010 5:15 AM   in reply to duardor

    Hi Duardor,

     

    any updates ?

     
  • Mar 18, 2010 6:05 AM   in reply to aubweb

    Hello

    I discovered some things, but I'm still working on the problem right now, debugging blazeds source and understanding what websphere does...

     

    It seems the source of all problem with blazeds + websphere 6.1 is the fact that when you call request.getUserPrincipal() in a non protected resource websphere will return null always even if the user is already authenticated. This way request.getUserPrincipal() will always return null in websphere because we can't protect the message broker servlet.

     

    What I did so far:

    - I developed a new LoginCommand that will authenticate using the websphere security mechanism, including generating the LTPA tokens and binding the principal to the request. The one provided with blazeds is a little too simple and doesn't use the websphere programmatic JAAS the way it is supposed to be used. I had success in this but you have to pay some attention to some details configuring security in websphere to make this work. So I can authenticate against websphere security and my response will have the specific websphere cookies to propagate credentials. I'm thinking about submitting this in JIRA as a fix or alternative to the current websphere login command.

     

    - Now I'm working on a way to make websphere return the authentication information from a request to an unprotected resource (request.isUserInRole(), request.getUserPrincipal(), etc). Websphere has an option to enable returning authentication information even from unprotected resources but when I enable this blazeds can't deserialize the request (maybe websphere changes it in some way, I don't know). An EOFException is thrown when an AMF0Input is used to read the first piece of data (the amf version, an unsigned short).

    Worse yet, blazeds will send nothing to the flash player and from this moment the flash player freezes and I have to close my browser (in fact, blazeds will answer nothing and the flash player just freezes, I think this could be a bug, at least I'd wait for an error fault from blazeds but I debugged the code and the response is not touched by blazeds). I think this can be a potential bug in blazeds because the flash player will wait for a response that will never arrive and just freezes.

     

    At the moment I'm trying to identify what changes in the request when I enable the option in websphere. Also I'm updating websphere to the latest fix pack to see if it's just a bug. If all this doesn't work I have another option to try: protect the message broker servlet and develop a servlet that just signals a "Client.Authentication" fault and set this servlet as my login page in web.xml.

     

    Will update here as soon as possible.

     
  • Mar 18, 2010 6:15 AM   in reply to duardor

    I have a different configuration, I am using ColdFusion so I don't know if I have exactly the same problem.

     
  • Mar 18, 2010 7:16 AM   in reply to Alex Glosband

    Hi Alex,

     

    I am still getting this error (not me but some people who use my application).

     

    Is it related to a flex config file in ColdFusion (remoting-config.xml, services-config.xml, proxy-config.xml...)?

     

    In my application I always use remoteobjects like this:

     

    <mx:RemoteObject
    id="dataGetInfos"
    showBusyCursor="true"
    destination="ColdFusion" source="CFCprod.home.access">
    <mx:method name="getAreas" result="resultHandlerGetAreas(event)" fault="server_fault_silent(event, this.className.toString()); getAreasFault(event);">
    <mx:arguments>
    <USERID>{aUser.userid}</USERID> 
    </mx:arguments>
    </mx:method>
    ....
    </mx:RemoteObject>
    
    

     

    same destination for all (=Coldfusion).

     

     

    P.S.: here are the config files I use when I compile my app in Flex http://www.aubweb.be/attachements/

     

     

    Thanks a lot for your help.

     

    Aubry

     
  • Mar 18, 2010 11:26 AM   in reply to aubweb

    So, after I updated my WAS to 6.1.0.29 my problem was gone.

    Now I can use request.isUserInRole() from unprotected resources and this solved my problems integrating websphere 6.1 and blazeds.

     
    Mar 25, 2010 2:17 AM   in reply to gauravnasit

    Hi

     

    I personally had this error this morning when I opened the app in Internet Explorer.

    I ran Charles to capture what was happening…

     

    Here are the response headers in IE (remote objects threw fault event):

     

    HTTP/1.1 200 OK
    Date: Thu, 25 Mar 2010 08:57:12 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Set-Cookie: JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
    Set-Cookie: JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
    Set-Cookie: JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
    Set-Cookie: JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
    Set-Cookie: JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
    Pragma: no-cache
    Expires: Sat, 25 Dec 1999 00:00:00 GMT
    Cache-Control: no-cache
    Content-Type: application/x-amf
    Content-Length: 2261

     

    I opened the app in Chrome, and for the same call here are the response headers (remote objects threw result event):

     

    HTTP/1.1 200 OK
    Date: Thu, 25 Mar 2010 09:03:14 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Pragma: no-cache
    Expires: Sat, 25 Dec 1999 00:00:00 GMT
    Cache-Control: no-cache
    Content-Type: application/x-amf
    Content-Length: 610

     

     

     

    AMF response in IE :

     

    AMF Message

    Message
      Header
      Body
        [0]  Body Part
          Target    String  /81/onStatus
          Response  String
          Content   Object  flex.messaging.messages.ErrorMessage
            headers        Object
            rootCause      Null
            body           Null
            correlationId  String  4D090D88-6681-526A-29E4-9489B94325E7
            faultDetail    Null
            faultString    String  Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
            clientId       Null
            timeToLive     Number  0
            destination    String  ColdFusion
            timestamp      Number  1269507432078
            extendedData   Null
            faultCode      String  Server.Processing.DuplicateSessionDetected
            messageId      String  A1A53498-AE08-AB21-1CC3-B6E789A5C582

     

     

    So now… how can I fix this issue?

    Why do I have Set-Cookie 4 times?

     

    Please advise.

     

    Aubry

     
    Mar 25, 2010 3:56 AM   in reply to aubweb

    Hi Aubry,

     

    What does your deployment look like? You have an IIS server that is proxying requests to your application server? Do you have a single application server at the backend or a cluster of application servers?

     

    I don’t know of anything that would cause 5 set-cookie headers to get added to the response but I don't think that should in itself be a problem as all the cookies have the same JSESSIONID and path. One of the cookies should get stored by the browser and the browser should then pass it with every request.

     

    Can you send the Charles log with both the requests and the responses? What does the request look like in the IE case when you get the duplicate session detected error? Does it have a JSESSIONID session cookie header? Maybe cookies are disabled in the browser and that is the problem?

     

    Also, what version/build of BlazeDS are you using? I'd recommend that anyone having duplicate session detection problems try using the latest nightly 3.x or trunk build from the BlazeDS downloads page and see if that helps things.

     

    -Alex

     
    Mar 25, 2010 4:18 AM   in reply to Alex Glosband

    Hi Alex,

     

    Thanks for your prompt reply.

    The Charles file is here: http://www.aubweb.be/Flexsessions.chls

     

    We have one IIS server with ColdFusion 9 installed on it.

    And one other server with all the databases.

     

    I am using the BlazeDS version shipped with CF9.

     

    I'll try to install the latest nightly trunk build of BlazeDS.

    I just need to replace some files on my local machine where I compile,

    and some jars on the server, is that right? (Quite a noob question, but I don't want to mess something up.)

     

    Thank you.

     
    Mar 26, 2010 2:36 AM   in reply to gauravnasit

    Hi,

     

    I stopped my ColdFusion service.

    I replaced all my flex-messaging-*.jar files that are in the Coldfusion9\lib directory with the ones that are in the latest version of BlazeDS (3.3.0.14146), binary version.

    Restarted coldfusion ...

     

    And the problem is still there...

     
    Apr 1, 2010 11:35 PM   in reply to aubweb

    Hi,

     

    Maybe the problem is not in BlazeDS and so updating it won't change anything.

     

    The duplicate session is triggered when you have multiple requests coming from the same client with different DSID in the header of the AMF request or multiple sessions coming with the same DSID.

     

    Hope this helps,

    Nicolas.

     
    Apr 1, 2010 11:38 PM   in reply to gauravnasit

    I've had some similar problems, great information in this post.

     
    May 6, 2010 5:55 AM   in reply to gauravnasit

    Issue still not fixed on my side...

     

    I've planned to reinstall CF9 on our production environment.

     
    May 18, 2010 12:52 AM   in reply to aubweb

    I reinstalled ColdFusion 9 yesterday and the problem is still there...

     

    RPC Fault

    faultString="Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly."

    faultCode="Server.Processing.DuplicateSessionDetected"

    faultDetail="null"

     
    May 18, 2010 7:15 AM   in reply to aubweb

    Hi. Looking at the Charles log you attached awhile back, the problem looks to be due to the server creating a new HTTPSession for every request to the flex gateway. The first request to the flex gateway in the Charles log failed because the FlexClient ID in the AMF request (this is the DSId header) was already associated with another HTTP session.

     

    If you look at the headers in the response to this first request you'll see a number of Set-Cookie headers for the JSESSIONID.

     

    Set-Cookie: JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/
    Set-Cookie: JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/
    Set-Cookie: JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/
    Set-Cookie: JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/

     

     

    I'm not sure why there is more than one of these but what this means is that the server did not recognize the JSESSIONID on the request and created a new HTTPSession for you. That should not be happening. If the Flex client has a FlexClient ID, it means that a new FlexClient was created on the server and tied to a HTTP Session. The JSESSIONID and the FlexClient ID were returned to the client. The client now needs to pass that same FlexClient ID and the JSESSIONID to the server. In this case however the server doesn't recognize the JSESSIONID you are sending it.

     

    If you look at the HTTP headers on the first request to the flex gateway, you can see that there are two JSESSIONID headers.

     

    s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dswhswhstarwoodone%253D%252526pid%25253DEAME %2525253A%25252520Homepage%252526pidt%25253D1%252526oid%25253Dfunction linkIt%25252528%25252529%2525257Bif%25252528this.linkText.indexOf%2525 2528%25252522javascript%2525253A%25252522%25252529%25252521%2525253D-1 %25252529eval%25252528this.linkText%25252529elsemenuLoc.location%25252 6oidt%25253D2%252526ot%25253DSPAN%252526oi%25253D1810%3B
    TLTHID=2B05517A37EB1037CBD3C3B4E4C00546
    TLTSID=2748929A37EB1037CB71C3B4E4C00546
    JSESSIONID=00001dWix_Mxhmz-QEOO0jcVueo:13mo7b8v1
    s_vi=[CS]v1|477B6AD8000041FC-A290B2400000EBC[CE]
    s_pers=%20s_vnum%3D1270635787495%2526vn%253D23%7C1270635787495%3B%20s_lastvis it%3D1269506873843%7C1364114873843%3B%20gpv_p12%3D157%252C3760795%252C 157_3760798%7C1269508694906%3B%20s_visit%3D1%7C1269508701433%3B%20s_nr %3D1269506901448%7C1272098901448%3B%20s_invisit%3Dtrue%7C1269508701464 %3B%20temp_s_campaign_ES%3DSW1_ETOOLS_STARHOT%7C1272098901480%3B%20s_e v45%3D%255B%255B%2527ES%253Aundefined%2527%252C%25271252569704540%2527 %255D%252C%255B%2527ES%253A09%253A16%253A2009%2527%252C%25271253107565 476%2527%255D%252C%255B%2527ES%253A11%253A03%253A2009%2527%252C%252712 57260612733%2527%255D%252C%255B%2527ES%253A11%253A30%253A2009%2527%252 C%25271259598422585%2527%255D%252C%255B%2527ES%253A03%253A25%253A2010% 2527%252C%25271269506901480%2527%255D%255D%7C1427273301480%3B
    CFADMIN_LASTPAGE_ADMIN=%2FCFIDE%2Fadministrator%2Flogging%2Findex%2Ecfm
    ANALYZER_DIRECTORY=C%3A%5CInetpub%5Cwwwroot%5CEAMEDASHBOARD%5CreflexCFCprod
    CFID=12815
    CFTOKEN=768a952af8676dab-726E30C2-1CC4-432D-D0FA7089BC4AF753
    JSESSIONID=84302df05caf65289cd66e46581257450252

    The server is probably just seeing the first JSESSIONID which it doesn't recognize and then creating a new HTTP session. I'd look at where this first JSESSIONID is getting set and see if you can configure things so the correct JSESSIONID is getting sent to the flex gateway.

     

    Hope that helps.

     

    -Alex
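
Added example (not part of the original post and not BlazeDS code): a simplified Python model of the failure described in the reply above, where one request carries two JSESSIONID cookies, the server reads the first, does not recognize it, opens a new HTTP session, and then finds the DSId already bound to a different session. The `Gateway` class, the `DSID-1` value and the first-cookie-wins behaviour are assumptions for illustration; the two JSESSIONID values and the CFID value are the ones quoted in the thread.

```python
import uuid

def parse_cookie_header(header):
    """Return (name, value) pairs in the order sent; duplicates are kept."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs

def duplicate_names(pairs):
    """Cookie names that occur more than once in a single request."""
    names = [n for n, _ in pairs]
    return sorted({n for n in names if names.count(n) > 1})

class Gateway:
    """Toy server: HTTP sessions keyed by JSESSIONID, FlexClients keyed by DSId."""
    def __init__(self):
        self.sessions = set()       # JSESSIONID values this server issued
        self.client_session = {}    # DSId -> JSESSIONID it is bound to

    def handle(self, cookie_header, ds_id):
        pairs = parse_cookie_header(cookie_header)
        # Assumption: the container only looks at the first JSESSIONID it receives.
        sid = next((v for n, v in pairs if n == "JSESSIONID"), None)
        if sid not in self.sessions:
            sid = uuid.uuid4().hex  # unknown or missing id: a new HTTP session
            self.sessions.add(sid)
        bound = self.client_session.setdefault(ds_id, sid)
        if bound != sid:
            return "Server.Processing.DuplicateSessionDetected", sid
        return "ok", sid

# Constructed request header; cookie values are the ones quoted in the thread.
FOREIGN = "00001dWix_Mxhmz-QEOO0jcVueo:13mo7b8v1"
OWN = "84302df05caf65289cd66e46581257450252"
COOKIE = f"JSESSIONID={FOREIGN}; CFID=12815; JSESSIONID={OWN}"

def replay():
    """Replay the request against a gateway that already issued OWN to DSID-1."""
    gw = Gateway()
    gw.sessions.add(OWN)
    gw.client_session["DSID-1"] = OWN
    return gw.handle(COOKIE, "DSID-1")
```

Running `duplicate_names` over the cookie headers of a capture is a quick way to find the requests worth inspecting before looking at the server side.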

     
    May 18, 2010 7:44 AM   in reply to Alex Glosband

    Thank you Alex,

     

    But I have no clue at all on how to handle this.

    Can you please shed some light ?

     
    May 18, 2010 7:59 AM   in reply to aubweb

    Hi. It looks like you are using a couple different subdomains. It seems like maybe the session id from a server on one subdomain is getting sent to the flex gateway which is running on a server on another subdomain. I can see that the following JSESSIONID is getting sent to both reflextest.starwoodhotels.com and reflex.starwoodhotels.com.

     

    00001dWix_Mxhmz-QEOO0jcVueo:13mo7b8v1

     

    Do you know which server is setting this session cookie? Could you possibly take one of the servers such as reflextest.starwoodhotels.com out of the picture and see if it fixes the problem?

     

    If taking one of the servers out of the picture resolves the problem you may be able to configure one of the servers so the browser doesn't send the JSESSIONID to the other server. You would probably do this by setting the Path or the Domain property on the Cookie. I'm not sure how application servers typically expose these properties, so if you get this far I will leave this part up to you to figure out.

     

    Hope that helps.

     

    -Alex
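
Added example (not part of the original post): a Python sketch of the RFC 6265 domain and path matching a browser applies when deciding which stored cookies to attach to a request, showing how a JSESSIONID set with a parent-domain `Domain` attribute reaches a sibling subdomain and how host-only or `Path` scoping stops that. The hosts under `example.com`, the `/gateway/amf` and `/feeds` paths and the cookie values are constructed placeholders, not values from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cookie:
    name: str
    value: str
    set_by: str                    # host whose response carried Set-Cookie
    domain: Optional[str] = None   # Domain attribute; None means host-only
    path: str = "/"

def domain_match(host, cookie):
    """Host-only cookies need an exact host; Domain cookies also match subdomains."""
    if cookie.domain is None:
        return host == cookie.set_by
    d = cookie.domain.lstrip(".").lower()
    return host == d or host.endswith("." + d)

def path_match(req_path, cookie_path):
    """Cookie path must be a prefix of the request path, ending on a '/' boundary."""
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False

def session_cookies(jar, host, path):
    """JSESSIONID values the browser would send to host + path, in jar order."""
    return [c.value for c in jar
            if c.name == "JSESSIONID"
            and domain_match(host.lower(), c) and path_match(path, c.path)]

APP = Cookie("JSESSIONID", "from-app", "app.example.com")
# Weak: the other server scopes its session cookie to the whole parent domain.
WIDE = [Cookie("JSESSIONID", "from-test", "test.example.com", domain="example.com"), APP]
# Fix 1: drop the Domain attribute so the cookie is host-only.
HOST_ONLY = [Cookie("JSESSIONID", "from-test", "test.example.com"), APP]
# Fix 2: keep the Domain attribute but restrict Path to that server's own application.
PATH_SCOPED = [Cookie("JSESSIONID", "from-test", "test.example.com",
                      domain="example.com", path="/feeds"), APP]
```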

     
    May 18, 2010 8:25 AM   in reply to Alex Glosband

    reflex.st.... is setting the session cookie, and the strange thing is that we receive the error before the application looks for an XML file on the other subdomain (reflextest).

     

    To be more clear, when you launch the app you have the error on the first page.

    And on a few pages I load an RSS feed that is hosted on the reflextest domain.

     

    That's the only interaction between those 2 domains.

    On both domains CF9 is installed.

     
    Jul 22, 2010 1:20 PM   in reply to aubweb

    I believe I'm running into this as well. We have a two-server situation. The application server is running CF9 and the web server on a different box is running Apache/Tomcat. The SWF is on the Apache server and making calls to the CF9 server. It works fine for all browsers but IE. Something about IE is causing the same issue, triggering a duplicate session. The Apache server is placing a JSESSIONID cookie on the user's browser when they log in. It is our main domain. The CF application server is on a subdomain www2.maindomain.

     

    I'm wondering if these cookies are getting confused.

     

    Did you get any resolution to this issue?

     
    Feb 1, 2011 7:17 AM   in reply to duardor

    I'm using the same environment, but, am getting "Validation of the LTPA token failed because the token expired with the following info..." whenever the session ends and the app goes after another request.  I'm okay with handling it with re-authenticating from the Flex side if an error is returned, but, Websphere doesn't return a real response...have you seen this?

     
    Feb 16, 2011 5:10 PM   in reply to David_Welch

    I had a problem like this with cross-domain cookies.

     

    Sorry I didn't read all the thread but the "Duplicate Session" is when the JSESSIONID cookie is not accepted by the browser.

     

    I did what this blog says and it worked for me in safari.

     

    A little bit of jquery and worked like a charm...

     

    http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/

     