10 Replies Latest reply on Oct 16, 2014 8:44 AM by BKBK

    Replaying HTTP traffic to a CF server

    Blank101

      This is a somewhat technical question. I have recorded a bunch of HTTP traffic to my CF application doing actions that I would like to replay at a later time for testing purposes. These recordings involve a user logging into the application followed by the user performing a bunch of actions. In order to replay this traffic accurately I have set up the replayed traffic to adjust its cookies to maintain the session since the session used during the recording will be expired by then.

       

      This approach works fine for 1 client or so, but when I start scaling this up to many clients it starts to fail intermittently. Debugging the replay clients that are failing, I see that the server is generating a new JSESSIONID cookie for each response even though I am sending the proper cookie in the request. On the other hand, for a replay client that works correctly, I see the JSESSIONID cookie staying the same for the entire session. After a while of running many clients using this method the CF server seems unable to accept any replay clients. Restarting the server seems to fix this problem, but then it starts to happen again.

       

      My guess is that this has something to do with the internals of either the CF configuration or the J2EE session configuration. Does anyone with a more detailed knowledge of these applications have an idea of what might be wrong?

        • 1. Re: Replaying HTTP traffic to a CF server
          BKBK Adobe Community Professional & MVP

          Is there just one application file? How do the various clients interact with the application? Via browsers? If so, is it one client per browser?

          • 2. Re: Replaying HTTP traffic to a CF server
            Blank101 Level 1

            Let me preface this by saying this is my first time using CF, so my knowledge is very limited.

             

            As far as my understanding goes there is no application file. I assume you are talking about the application.cfc file in the root directory. All the settings provided are default. I am only testing against one application.

             

            For interaction, there were two stages to this. In the first stage I set up a proxy to record all http traffic to the CF server using a program called gor (buger/gor · GitHub). I then started interacting with the CF server with a flash client in my browser, and the gor program recorded all traffic into a file. This part runs fine.

             

            In the second stage I run gor clients a few days later that read the file and just repeat exactly what was sent over the wire including the time delays and everything. With the exception of the "Cookie" header all other http headers are identical for all gor clients. The Cookie header is the only one I adjust to make sure the previously recorded session tokens are not sent. Those will have expired since I am doing this test several days later. Instead I send no cookies with the first request and the CF server responds with a JSESSIONID like normal. I then record this cookie and send it along with the next request and so on - just like browsers would do. This is the stage where the intermittent problem would come in. I start with a freshly restarted CF server and I try this with one client and I see 1 JSESSIONID being sent/recieved for the whole session. Part way through the session I see a CFID and CFTOKEN being generated by the server and I treat these the same as JSESSIONID. This works fine. I see data being input into the database and everything in the exact same way as when I originally recorded. So I try the same with spinning up 20 gor clients and then I start to see the JSESSIONID being changed by the server over and over again for no apparent reason. Since I cannot keep a consistent session, the gor client cannot interact properly with the server because the login event is not tied to the same session.

             

            I have tried this with 20 gor clients on one server and 20 gor clients on 20 servers with the same result.

             

            Does this clear up your questions?

            • 3. Re: Replaying HTTP traffic to a CF server
              BKBK Adobe Community Professional & MVP

              The Application.cfc file may or may not solve your immediate problem, however it is a necessary tool in maintaining sessions. It need not be elaborate. Something like this will do:

               

              Application.cfc

               

              <cfcomponent>

                  <cfscript>

                      this.name = "ation_replay";

                      this.applicationTimeout = "#createTimespan(1,0,0,0)#";

                      this.loginStorage = "session";

                      this.sessionManagement = "true";

                      this.sessionTimeout = "#createTimeSpan(0,0,30,0)#";

                      this.setClientCookies = "true";

                   </cfscript>

                  <cffunction name="onApplicationStart" returntype="boolean">

                      <cfreturn true>

                   </cffunction>

              </cfcomponent>

              • 4. Re: Replaying HTTP traffic to a CF server
                BKBK Adobe Community Professional & MVP

                How does gor store session/cookie data per client? If gor is unable to distinguish the 20 replays as 20 independent client requests, then Coldfusion will think it is the same client knocking 20 times on the door. Current ColdFusion versions are configured to disallow multiple clients sharing the same session.

                • 5. Re: Replaying HTTP traffic to a CF server
                  Blank101 Level 1

                  Will try with the Application.cfc and see if that fixes the problem.

                   

                  Each gor client runs in its own process and stores cookie information independently.

                  • 6. Re: Replaying HTTP traffic to a CF server
                    Blank101 Level 1

                    Tried with this Application.cfc with no success. I don't think the problem is due to a lack of session management altogether because the sessions do work correctly for a bit then they start failing. Any other ideas?

                    • 7. Re: Replaying HTTP traffic to a CF server
                      BKBK Adobe Community Professional & MVP

                      OK. But you should just leave the application file there anyway.

                       

                      On to a new idea. You say each client sets a cookie. I am assuming this to be a non-session cookie. If so, is this cookie distinct for each client?

                      • 8. Re: Replaying HTTP traffic to a CF server
                        Blank101 Level 1

                        Every cookie is a "session" cookie in that it is unique to each gor client and does not persist from replay to replay. Here is an example of how this goes when it is broken and not broken:

                         

                        Working correctly.

                         

                        Client 1:

                        Request 1 - No cookies sent

                        Response 1 - Set JSESSIONID to "123"

                        Request 2 - Send JSESSIONID of "123"

                        Response 2 - No change in cookies

                        ...

                        Request N - Send JSESSIONID of "123"

                        Response N - Set CFID and CFToken

                        Request N+1 - Send JSESSIONID, CFID, CFToken

                        ...

                         

                        Client 2:

                        Request 1 - No cookies sent

                        Response 1 - Set JSESSIONID to "456"

                        Request 2 - Send JSESSIONID of "456"

                        Response 2 - No change in cookies

                        ...

                        Request N - Send JSESSIONID of "456"

                        Response N - Set CFID and CFToken

                        Request N+1 - Send JSESSIONID, CFID, CFToken

                        ...

                         

                        Broken. This occurs after a couple of successful runs.

                         

                        Client 1:

                        Request 1 - No cookies sent

                        Response 1 - Set JSESSIONID to "a"

                        Request 2 - Send JSESSIONID of "a"

                        Response 2 - Set JSESSIONID to "b"

                        Request 3 - Send JSESSIONID of "b"

                        Response 3 - Set JSESSIONID to "c"

                        ...

                        No CFID or CFToken are ever sent.

                         

                        Client 2:

                        Request 1 - No cookies sent

                        Response 1 - Set JSESSIONID to "1"

                        Request 2 - Send JSESSIONID of "1"

                        Response 2 - Set JSESSIONID to "2"

                        Request 3 - Send JSESSIONID of "2"

                        Response 3 - Set JSESSIONID to "3"

                        ...

                        No CFID or CFToken are ever sent.

                        • 9. Re: Replaying HTTP traffic to a CF server
                          Blank101 Level 1

                          Okay I've managed to solve this. Turns out the session reset was coming from a CF error that said Duplicate Session Detected. This was because there was yet another state management variable being passed around in the http message body called DSId. I managed to pull this from the server response and send it for subsequent requests. This seems to have fixed the problem.

                          • 10. Re: Replaying HTTP traffic to a CF server
                            BKBK Adobe Community Professional & MVP

                            Glad to hear you found the solution. Thanks for sharing it with us.