tag:blogger.com,1999:blog-19056005.post115808816091974317..comments2023-08-01T04:33:41.114-07:00Comments on Coldfused?: Handling J2EE session with cookies disabledRupesh Kumarhttp://www.blogger.com/profile/11403172559407967918noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-19056005.post-25530780307532761672007-01-21T22:45:00.000-08:002007-01-21T22:45:00.000-08:00I am also experiencing problems with session varia...I am also experiencing problems with session variables in a clusted environment.<br /><br />With my test code, cookies on for the cluster URL - all fine. Disable cookies - session lost.<br /><br />Go to either instance directly (via port) with cookies disabled it is fine, ie session stays.<br /><br />CFMX 702 Ent<br />Win 2003<br />J2ee vars - sticky onAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1166498310179418202006-12-18T19:18:00.000-08:002006-12-18T19:18:00.000-08:00Nice to read all of ur discussion..I am also facin...Nice to read all of ur discussion..<BR/>I am also facing one Jsessionid problem while IT security testing.<BR/> telnet our site then<BR/>pass the parameters like that<BR/><BR/><BR/>POST /sonystyle/searchsonystyle.do HTTP/1.0<BR/>Content-Type: application/x-www-form-urlencoded<BR/>Host: www.sonystyle.com.sg<BR/>Cookie: JSESSIONID="<BR/>Content-Length: 10<BR/><BR/>query=sony<BR/><BR/>if JSESSIONID value is "<BR/>then I am getting error.<BR/>how to handle this JSESSIONID ?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158888442671834102006-09-21T18:27:00.000-07:002006-09-21T18:27:00.000-07:00Nice one bro. Thanks for the heads up!Nice one bro. Thanks for the heads up!Dawesihttps://www.blogger.com/profile/10104622524235522116noreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158823426271110092006-09-21T00:23:00.000-07:002006-09-21T00:23:00.000-07:00Hi again :)You're right. 2 Webservers with Coldfus...Hi again :)<BR/><BR/>You're right. 2 Webservers with Coldfusion behind a Software Loadbalancer (ldirectord). The load balancer is able to handle sticky sessions.. but it's not turned on at the moment...<BR/><BR/>Both connectors have the cluster connected.. not a node.. this should be ok.<BR/><BR/>JoergAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158772995856663142006-09-20T10:23:00.000-07:002006-09-20T10:23:00.000-07:00Hi Joerg,What kind of load balancer are you using?...Hi Joerg,<BR/>What kind of load balancer are you using? Is it a hardware loadbalancer or software loadbalancer? <BR/>As I understand, you have a cluster of two cf nodes each of them behind a webserver using a connector. So actually you have two webservers with a load balancer in front. Is that correct?<BR/>If it is, then please check if the loadbalancer supports the sticky session concept. If it does then I think it might be a better idea to enable that. <BR/>Are both the connectors aware of both the cluster nodes? Let me check with JRun guys here if that would work or if there are any issues there. I know for sure that when connector is used as a load balancer then it does route the request proeprly maintaining session stickiness.<BR/>RupeshRupesh Kumarhttps://www.blogger.com/profile/11403172559407967918noreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158753271963858092006-09-20T04:54:00.000-07:002006-09-20T04:54:00.000-07:00Hi Rupesh...sorry for responding so late...The sit...Hi Rupesh...<BR/>sorry for responding so late...<BR/>The site is faced to external users and the proxy is located somewhere on client-side...<BR/><BR/>I discovered something new... <BR/>We currently run a site in a subframe of our customers website... Because our site runs under a differnt domain, IE security settings forbid cookies from our site.<BR/>So we have a similar scenario here... This site runs on our CFMX 7.0.2 Cluster with 2 Nodes and a load-balancer in front of the webservers...<BR/>While usere where klicking around in our site, it seemed that with every click there was a new session generated for the user.<BR/>Even urlsessionformat did not resolve this... <BR/>Our Cluster ran with sticky sessions and session-replication turned off. I thought that the connector would handle the sticky-sessions and always use the same cfmx node for one session. But obviously it didn't - turning on session-replication solved this problem... <BR/><BR/>Are the connectors on the 2 webservers unable to interchange sticky-session data? maybe the load-balancer in front of the cluster should have user-persistent routing turned on...<BR/>Did I put this clear? Better an example :)<BR/><BR/>user requests page<BR/>load balancer routes him to server1<BR/>connector on server1 routes him to server1<BR/>session is created on server1<BR/><BR/>user requests next page<BR/>load balancer routes him to server2<BR/>connector on server2 routes him to server2<BR/>new session is created on server2 because sessionid is unknown<BR/><BR/>user requests next page<BR/>load balancer routes him to server1<BR/>connector on server1 routes him to server1<BR/>new session is created on server1 because sessionid is unknown again.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158322776660800082006-09-15T05:19:00.000-07:002006-09-15T05:19:00.000-07:00Hi Joerg,When cookies are enabled, session is trac...Hi Joerg,<BR/>When cookies are enabled, session is tracked using cookies and urltoken will not be used by the server in that case. <BR/>It seems to me that it was a badly configured proxy. A proxy should never cache dynamic content and should only cache the static pages like html and images. <BR/>Was it a proxy in your company and faced by intranet users? or some external customers reported it to you?<BR/><BR/>Rupesh.Rupesh Kumarhttps://www.blogger.com/profile/11403172559407967918noreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158304442732273102006-09-15T00:14:00.000-07:002006-09-15T00:14:00.000-07:00hi rupesh...this is exactly what I did in a projec...hi rupesh...<BR/>this is exactly what I did in a project lately...<BR/>but I ran into a problem:<BR/>urlsessionformat() only rewrites the url if the client has cookies disabled... so most of the time your url would just look like "test.cfm"<BR/><BR/>This shouldn't be a problem, but I got informed that in some cases users got to see pages filled with other user's data.<BR/>Seems that these pages got cached by the company-proxy...<BR/>After appending the default #session.urltoken# everything worked just fine...<BR/>Did I miss to adjust something or what was it?!<BR/><BR/>greetings<BR/><BR/>Joerg ZimmerAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158134590659739822006-09-13T01:03:00.000-07:002006-09-13T01:03:00.000-07:00Oh yes. thanks. edited.Oh yes. thanks. edited.Rupesh Kumarhttps://www.blogger.com/profile/11403172559407967918noreply@blogger.comtag:blogger.com,1999:blog-19056005.post-1158090910003424282006-09-12T12:55:00.000-07:002006-09-12T12:55:00.000-07:00Good to know about this technique - thanx! Might n...Good to know about this technique - thanx! Might not want to assign to a variable called 'url' tho' since it is a scope...Anonymousnoreply@blogger.com