1 Reply Latest reply on Mar 1, 2014 12:41 AM by oleg.baskakov

    JSession cookie dropping causes DuplicateSessionDetected exception when using https rather than http

    oleg.baskakov

      I am developing a Grails+BlazeDS server and a Flex AIR client and am stuck with this error: Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly

       

      Google searches were not successful, as I see some differences in the situations. I get the issue only when the Flex client interacts with the server via https.

       

      Flex client:

       

      <s:ChannelSet id="userChannel">
          <s:SecureAMFChannel uri="https://localhost:8443/Con/messagebroker/amfpolling" />
      </s:ChannelSet>

       

      A button click in the UI triggers the login method:

       

      loginResult.token = channelSet.login(usernameInput.text, passwordInput.text);

       

      And it finished with a DuplicateSessionDetected exception.

      After investigating the network monitor logs, I found that the jsession cookie received from the server is not set in the next requests to the server:

       

      Response from server (operation: client_ping):

       

      HTTP/1.1 200 OK
      Server: Apache-Coyote/1.1
      Set-Cookie: JSESSIONID=F58F1ADA97E70915EF9E6E4EE1AEBE00; Path=/; Secure
      Content-Type: application/x-amf
      Content-Length: 173
      Date: Sun, 23 Feb 2014 10:17:00 GMT

      Flex Message (flex.messaging.messages.AcknowledgeMessageExt)
          clientId = EA18E8B9-951F-6F87-7B47-48B8B202EE75
          correlationId = 7D2782C1-C8A5-41A3-2055-5E3F771424C8
          destination = null
          messageId = EA18E8F6-9E0E-1FE4-0D26-6F0E602F5C5E
          timestamp = 1393150620542
          timeToLive = 0
          body = null
          hdr(DSMessagingVersion) = 1.0
          hdr(DSId) = EA18E8B9-950B-4B42-EF70-369D656BA3F2

       

      And the next request to the server (login operation) is without the jsession cookie:


      POST /Conn/messagebroker/amfsecure HTTP/1.1
      Referer: app:/BlazeDSClient.swf
      Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8, text/css, image/png, image/jpeg, image/gif;q=0.8, application/x-shockwave-flash, video/mp4;q=0.9, flv-application/octet-stream;q=0.8, video/x-flv;q=0.7, audio/mp4, application/futuresplash, */*;q=0.5
      x-flash-version: 12,0,0,68
      Content-Type: application/x-amf
      Accept-Encoding: gzip,deflate
      User-Agent: Mozilla/5.0 (Windows; U; en) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/4.0
      Host: localhost
      Content-Length: 299

      Flex Message (flex.messaging.messages.CommandMessage)
          operation = login
          clientId = null
          destination = auth
          messageId = 7B47BBF2-08C0-0E41-5D88-5E3F76FA4882
          timestamp = 0
          timeToLive = 0
          ***not printing credentials***

       

      and the server answers with a new session cookie:


      HTTP/1.1 200 OK
      Server: Apache-Coyote/1.1
      Set-Cookie: JSESSIONID=03BD8347F9E9511C299B717DD55625C9; Path=/; Secure
      Content-Type: application/x-amf
      Content-Length: 535
      Date: Sun, 23 Feb 2014 10:17:01 GMT

      Flex Message (flex.messaging.messages.ErrorMessage)
          clientId = null
          correlationId = 7B47BBF2-08C0-0E41-5D88-5E3F76FA4882
          destination = auth
          messageId = EA18F4A7-C80D-103B-F8D0-58B6F148F142
          timestamp = 1393150621768
          timeToLive = 0
          body = null
          code = Server.Processing.DuplicateSessionDetected
          message = Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
          details = null
          rootCause = null
          body = null
          extendedData = null

       

      And again - when the non-secure protocol is used everything is OK - the session cookie is sent to the server in the login operation as expected.

       

       

      I have a little experience in Flex development and didn't find any method to set the session cookie when triggering the channel login request. Could you help to resolve this issue, please?

       

       

      Thanks.
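
Added example, not part of the original post: a check of the captured exchange against the RFC 6265 sending rules, to separate a cookie the client was right to withhold (Secure over http, Path mismatch) from one it dropped. The header lines are copied from the post; the function names are this example's own, and it assumes both messages belong to the same host.

```python
# Constructed from the headers quoted in the post; message bodies are omitted.
# Assumption: both messages belong to the same host, so Domain matching is skipped.
PING_RESPONSE = [
    "Set-Cookie: JSESSIONID=F58F1ADA97E70915EF9E6E4EE1AEBE00; Path=/; Secure",
    "Content-Type: application/x-amf",
]
LOGIN_REQUEST = {
    "scheme": "https",  # the post says the failure only occurs over https
    "path": "/Conn/messagebroker/amfsecure",
    "headers": ["Host: localhost", "Content-Type: application/x-amf"],
}


def header_values(lines, wanted):
    """Return the values of every header named `wanted` (lower-case name)."""
    pairs = (line.partition(":") for line in lines)
    return [v.strip() for k, _, v in pairs if k.strip().lower() == wanted]


def path_matches(request_path, cookie_path):
    """Path-match rule from RFC 6265 section 5.1.4."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")


def expected_cookies(response_lines, scheme, path):
    """Cookies a conforming client should attach to the follow-up request."""
    expected = {}
    for value in header_values(response_lines, "set-cookie"):
        pair, *attrs = [part.strip() for part in value.split(";")]
        name, _, val = pair.partition("=")
        attr = {k.strip().lower(): v.strip()
                for k, _, v in (a.partition("=") for a in attrs)}
        if "secure" in attr and scheme != "https":
            continue  # Secure cookies are never sent over plain http
        if path_matches(path, attr.get("path") or "/"):
            expected[name] = val
    return expected


def missing_cookies(response_lines, request):
    """Names of cookies that should have been returned but were not."""
    sent = set()
    for value in header_values(request["headers"], "cookie"):
        sent.update(p.strip().partition("=")[0] for p in value.split(";"))
    due = expected_cookies(response_lines, request["scheme"], request["path"])
    return sorted(set(due) - sent)
```

For the exchange in the post, `missing_cookies(PING_RESPONSE, LOGIN_REQUEST)` returns `['JSESSIONID']`: `Path=/` and `Secure` both permit the cookie on the https login request, so the cookie attributes alone do not account for its absence.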