Adobe Community: Server.Processing.DuplicateSessionDetected

Currently Being Moderated

15. aubweb,

Mar 18, 2010 7:16 AM in reply to Alex Glosband

Report

Hi Alex,

I am still getting this error (not me but some people who use my application).

Is it related to a flex config file in coldfusion (remoting-config.xml, services-config.xml, proxy-config.xml...) ?

in my application I always use remoteobjects like this :

<mx:RemoteObject
id="dataGetInfos"
showBusyCursor="true"
destination="ColdFusion" source="CFCprod.home.access">
<mx:method name="getAreas" result="resultHandlerGetAreas(event)" fault="server_fault_silent(event, this.className.toString()); getAreasFault(event);">
<mx:arguments>
<USERID>{aUser.userid}</USERID> 
</mx:arguments>
</mx:method>
....
</mx:RemoteObject>

same destination for all (=Coldfusion).

ps : here are the config file I use when I compile my app in Flex http://www.aubweb.be/attachements/

Thanks a lot for your help.

Aubry

|

Mark as:

Currently Being Moderated

16. duardor,

Mar 18, 2010 11:26 AM in reply to aubweb

Report

So, after I updated my WAS to 6.1.0.29 my problem was gone.

Now I can use request.isUserInRole() from unprotected resources and this solved my problems integrating websphere 6.1 and blazeds.

|

Mark as:

Currently Being Moderated

17. aubweb,

Mar 25, 2010 2:17 AM in reply to gauravnasit

Report

Hi

I personally had this error this morning when I opened the app in Internet Explorer.

I ran Charles to capture what was happening…

Here’s a response header in IE : (remote objects threw fault event)

	HTTP/1.1 200 OK
Date	Thu, 25 Mar 2010 08:57:12 GMT
Server	Microsoft-IIS/6.0
X-Powered-By	ASP.NET
Set-Cookie	JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
Set-Cookie	JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
Set-Cookie	JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
Set-Cookie	JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
Set-Cookie	JSESSIONID=8430c9fca90edc183d88362d1c57527f2518;path=/
Pragma	no-cache
Expires	Sat, 25 Dec 1999 00:00:00 GMT
Cache-Control	no-cache
Content-Type	application/x-amf
Content-Length	2261

I opened the app in Chrome and for the same thing look at the header response : (remote objects threw result event)

	HTTP/1.1 200 OK
Date	Thu, 25 Mar 2010 09:03:14 GMT
Server	Microsoft-IIS/6.0
X-Powered-By	ASP.NET
Pragma	no-cache
Expires	Sat, 25 Dec 1999 00:00:00 GMT
Cache-Control	no-cache
Content-Type	application/x-amf
Content-Length	610

AMF response in IE :

AMF Message	Message
Header
Body
[0]	Body Part
Target	String	/81/onStatus
Response	String
Content	Object	flex.messaging.messages.ErrorMessage
headers	Object
rootCause	Null
body	Null
correlationId	String	4D090D88-6681-526A-29E4-9489B94325E7
faultDetail	Null
faultString	String	Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
clientId	Null
timeToLive	Number	0
destination	String	ColdFusion
timestamp	Number	1269507432078
extendedData	Null
faultCode	String	Server.Processing.DuplicateSessionDetected
messageId	String	A1A53498-AE08-AB21-1CC3-B6E789A5C582

So now… how can I fix this issue ???

Why I have 4 times set-cookie?

Please advise.

Aubry

|

Mark as:

Currently Being Moderated

18. Alex Glosband,

Mar 25, 2010 3:56 AM in reply to aubweb

Report

Hi Aubry,

What does your deployment look like? You have an IIS server that is proxying requests to your application server? Do you have a single application server at the backend or a cluster of application servers?

I don’t know of anything that would cause 5 set-cookie headers to get added to the response but I don't think that should in itself be a problem as all the cookies have the same JSESSIONID and path. One of the cookies should get stored by the browser and the browser should then pass it with every request.

Can you send the Charles log with both the requests and the responses? What does the request look like in the IE case when you get the duplicate session detected error? Does it have a JSESSIONID session cookie header? Maybe cookies are disabled in the browser and that is the problem?

Also, what version/build of BlazeDS are you using? I'd recommend that anyone having duplicate session detection problems try using the latest nightly 3.x or trunk build from the BlazeDS downloads page and see if that helps things.

-Alex

|

Mark as:

Currently Being Moderated

19. aubweb,

Mar 25, 2010 4:18 AM in reply to Alex Glosband

Report

Hi Alex,

Thanks for your prompt reply.

Charles file is there : http://www.aubweb.be/Flexsessions.chls

We have one IIS server with coldfusion 9 installed on it.

And one other server with all the databases.

I am using the balzeDS version shipped with CF9.

I'll try to install the latest nightly trunk build of Blaze DS.

I just need to replace some files on my locale machine where I compile ?

and some jars on the server that's right ? (quite noob question but I don't want to mess something).

Thank you.

|

Mark as:

Currently Being Moderated

20. aubweb,

Mar 26, 2010 2:36 AM in reply to gauravnasit

Report

Hi,

I stopped my coldfusion service.

I replaced all my flex-messaging-*.jar that are in Coldfusion9\lib directory with the ones that are in the last version of blazeds (3.3.0.14146), binary versiom.

Restarted coldfusion ...

And the problem is still there...

|

Mark as:

Currently Being Moderated

21. Nicolas H.,

Apr 1, 2010 11:35 PM in reply to aubweb

Report

Hi,

Maybe the problem is not in BlazeDS and so updating it won't change anything.

The duplicate session is triggered when you have multiple requests coming from the same client with different DSID in the header of the AMF request or multiple sessions coming with the same DSID.

Hope this help,

Nicolas.

|

Mark as:

Currently Being Moderated

22. Play123,

Apr 1, 2010 11:38 PM in reply to gauravnasit

Report

Ive had some similar problems, great information in this post.

|

Mark as:

Currently Being Moderated

23. aubweb,

May 6, 2010 5:55 AM in reply to gauravnasit

Report

Issue still not fixed on my side...

I've planned to reinstall CF9 on our production environement

|

Mark as:

Currently Being Moderated

24. aubweb,

May 18, 2010 12:52 AM in reply to aubweb

Report

I reinstalled coldfusion 9 yesterday and problem is still there...

RPC Fault

faultString="Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly."

faultCode="Server.Processing.DuplicateSessionDetected"

faultDetail="null"

|

Mark as:

Currently Being Moderated

25. Alex Glosband,

May 18, 2010 7:15 AM in reply to aubweb

Report

Hi. Looking at the Charles log you attached awhile back, the problem looks to be due to the server creating a new HTTPSession for every request to the flex gateway. The first request to the flex gateway in the Charles log failed because the FlexClient ID in the AMF request (this is the DSId header) was already associated with another HTTP session.

If you look at the headers in the response to this first request you'll see at number of Set-Cookie headers for the JSESSIONID.

Set-Cookie	JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/
Set-Cookie	JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/
Set-Cookie	JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/
Set-Cookie	JSESSIONID=8430e043b5563663a32f7c491c681b4771e4;path=/

I'm not sure why there is more than one of these but what this means is that the server did not recognize the JSESSIONID on the request and created a new HTTPSession for you. That should not be happening. If the Flex client has a FlexClient ID, it means that a new FlexClient was created on the server and tied to a HTTP Session. The JSESSIONID and the FlexClient ID were returned to the client. The client now needs to pass that same FlexClient ID and the JSESSIONID to the server. In this case however the server doesn't recognize the JSESSIONID you are sending it.

If you look at the HTTP headers on the first request to the flex gateway, you can see that there are two JSESSIONID headers.

s_sess	%20s_cc%3Dtrue%3B%20s_sq%3Dswhswhstarwoodone%253D%252526pid%25253DEAME %2525253A%25252520Homepage%252526pidt%25253D1%252526oid%25253Dfunction linkIt%25252528%25252529%2525257Bif%25252528this.linkText.indexOf%2525 2528%25252522javascript%2525253A%25252522%25252529%25252521%2525253D-1 %25252529eval%25252528this.linkText%25252529elsemenuLoc.location%25252 6oidt%25253D2%252526ot%25253DSPAN%252526oi%25253D1810%3B
TLTHID	2B05517A37EB1037CBD3C3B4E4C00546
TLTSID	2748929A37EB1037CB71C3B4E4C00546
JSESSIONID	00001dWix_Mxhmz-QEOO0jcVueo:13mo7b8v1
s_vi	[CS]v1\|477B6AD8000041FC-A290B2400000EBC[CE]
s_pers	%20s_vnum%3D1270635787495%2526vn%253D23%7C1270635787495%3B%20s_lastvis it%3D1269506873843%7C1364114873843%3B%20gpv_p12%3D157%252C3760795%252C 157_3760798%7C1269508694906%3B%20s_visit%3D1%7C1269508701433%3B%20s_nr %3D1269506901448%7C1272098901448%3B%20s_invisit%3Dtrue%7C1269508701464 %3B%20temp_s_campaign_ES%3DSW1_ETOOLS_STARHOT%7C1272098901480%3B%20s_e v45%3D%255B%255B%2527ES%253Aundefined%2527%252C%25271252569704540%2527 %255D%252C%255B%2527ES%253A09%253A16%253A2009%2527%252C%25271253107565 476%2527%255D%252C%255B%2527ES%253A11%253A03%253A2009%2527%252C%252712 57260612733%2527%255D%252C%255B%2527ES%253A11%253A30%253A2009%2527%252 C%25271259598422585%2527%255D%252C%255B%2527ES%253A03%253A25%253A2010% 2527%252C%25271269506901480%2527%255D%255D%7C1427273301480%3B
CFADMIN_LASTPAGE_ADMIN	%2FCFIDE%2Fadministrator%2Flogging%2Findex%2Ecfm
ANALYZER_DIRECTORY	C%3A%5CInetpub%5Cwwwroot%5CEAMEDASHBOARD%5CreflexCFCprod
CFID	12815
CFTOKEN	768a952af8676dab-726E30C2-1CC4-432D-D0FA7089BC4AF753
JSESSIONID	84302df05caf65289cd66e46581257450252

The server is probably just seeing the first JSESSIONID which it doesn't recognize and then creating a new HTTP session. I'd look at where this first JSESSIONID is getting set and see if you can configure things so the correct JSESSIONID is getting sent to the flex gateway.

Hope that helps.

-Alex

|

Mark as:

Currently Being Moderated

26. aubweb,

May 18, 2010 7:44 AM in reply to Alex Glosband

Report

Thank you Alex,

But I have no clue at all on how to handle this.

Can you please shed some light ?

|

Mark as:

Currently Being Moderated

27. Alex Glosband,

May 18, 2010 7:59 AM in reply to aubweb

Report

Hi. It looks like you are using a couple different subdomains. It seems like maybe the session id from a server on one subdomain is getting sent to the flex gateway which is running on a server on another subdomain. I can see that the following JSESSIONID is getting sent to both reflextest.starwoodhotels.com and reflex.starwoodhotels.com.

00001dWix_Mxhmz-QEOO0jcVueo:13mo7b8v1

Do you know which server is setting this session cookie? Could you possibly take one of the servers such as reflextest.starwoodhotels.com out of the picture and see if it fixes the problem?

If taking one of the servers out of the picture resolves the problem you may be able to configure one of the servers so the browser doesn't send the JSESSIONID to the other server. You would probably do this by setting the Path or the Domain property on the Cookie. I'm not sure how application servers typically expose these properties so if you get this far will leave this part up to you to figure out

Hope that helps.

-Alex

|

Mark as:

Currently Being Moderated

28. aubweb,

May 18, 2010 8:25 AM in reply to Alex Glosband

Report

reflex.st.... is setting the session cookie and the strange thing is that we recieve the error before that the application is looking for a xml file on the other subdomain (reflextest).

To be more clear when you launch the app you have the error on the first page.

And on few pages I load an rss feed that stands on reflextest domain.

That's the only interaction between those 2 domains.

on both domains CF9 is installed.

|

Mark as:

Currently Being Moderated

29. gmstoner,

Jul 22, 2010 1:20 PM in reply to aubweb

Report

I believe I'm running into this as well. We have a two server situation. The application server is running cf9 and the webserver on a different box is running apache/tomcat. The swf is on the apache server and making calls to the cf9 server. It works fine for all browsers but IE. Something about IE is causing the same issue triggering a duplicate session. The apache server is placing a jsessionid cookie on the users browser when they log in. It is our main domain. The CF application server is on a subdomain www2.maindomain.

I'm wondering if these cookies are getting confused.

Did you get any resolution to this issue?

|

Mark as:

Currently Being Moderated

30. David_Welch,

Feb 1, 2011 7:17 AM in reply to duardor

Report

I'm using the same environment, but, am getting "Validation of the LTPA token failed because the token expired with the following info..." whenever the session ends and the app goes after another request. I'm okay with handling it with re-authenticating from the Flex side if an error is returned, but, Websphere doesn't return a real response...have you seen this?

|

Mark as:

Currently Being Moderated

31. khatchik82,

Feb 16, 2011 5:10 PM in reply to David_Welch

Report

I had a problem like this with cross-domain cookies.

Sorry I didn't read all the thread but the "Duplicate Session" is when the JSESSIONID cookie is not accepted by the browser.

I did what this blog says and it worked for me in safari.

A little bit of jquery and worked like a charm...

http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/

|

Mark as:

General Discussion

More Like This

Bookmarked By (0)

Answers + Points = Status

General Discussion

Server.Processing.DuplicateSessionDetected

Sep 2, 2009 8:35 AM

More Like This

Bookmarked By (0)

Answers + Points = Status