We are using Spring-flex 1.0.3.Release with BlazeDS 22.214.171.12478 version in our Spring 3.0 framework based web app.
The front end uses Flex SDK 4.1
The front end uses RemoteObject calls for all its data/services from Web App.
The problem is that when cookies are disabled altogether, the app doesn't work.
In most of the forums and on blogs, what i saw was that, when cookies are disabled, then the flex sends jsessionid as part of the request url and the middletier handles them automatically and session is maintained.
However upon closer debugging what i found was that a new session is created for each request and older sessions are invalidated in the web app.
All along we were thinking it as a server problem and debugging BlazeDS server code and its HttpSession to FlexSession map along with DSID.
After closely looking at the Request object that is coming from Flex client app to my astonishment the following HttpRequest parameters are not set
requestedSessionURL should be true and requestedSessionId should be set to whatever jsessionID value is.
Without these values set, the WebContainer doesn't look at the jsessionID in the url and creates new session when you make the call request.getSession(true).
In summary, when cookies are disabled the Flex http request should have above properties set in the underlying HttpRequest object and then the web layer will handle it correctly. Most of our web users have third party cookies disabled and we are having 5-10% drop in revenue due to this issue.
In production our flash app is download from a different web app container and once downloaded the app makes remote service requests to web app running on a different container on altogether a different host.
Can somebody look at this issue and help us resolve?
Note: We have upgarded to the latest flex sdk as well as blazeds libraries and still see the same issue.
Can you provide sample code that illustrates the issue as well as your environment details?
Just disable cookies in the Browser and access the RemoteObjects from middle tier. This should reproduce the issue.
I can't provide a cut down version of code.
This is an old post. Hopefully someone has more info by now. We have just deployed our first app to Prod and have this issue occasionally. When it happens it is usually from someone who is using the app regularly though not in separate browser windows. We have CF as a middle tier and there is HLB in the mix. The load balancer regulates by client ip so we think that this may not be related. Any news?