Re(2): help - multiple users are getting the same session
Re(2): help - multiple users are getting the same session
- Subject: Re(2): help - multiple users are getting the same session
- From: "Robert Snyder" <email@hidden>
- Date: Wed, 15 Dec 2004 15:53:53 -0500
- Organization: Penn State World Campus
Denis,
You can turn off the OS X server performance cache by launching the
Server Admin application and going to the Web item for that server.
Go to settings, and click on the specific site (if you have ssl and plain
HTTP running you will have two showing).
Click on the Options tab for that site, and you will see Performance Cache.
Turn it off. It most likely will be off if you have SSL, because it reeks
havoc with SSL deployment.
Given the level of traffic you describe, I would can it anyway even if it
doesn't solve the problem.
I really wish that the default deployment on OS X Server was to have this
turned off. It has caused more wasted time for applications deployment
and SSL installations than it is worth for most of us.
Robert
On Thu, Dec 16, 2004, Denis Stanton wrote:
>Hi Chuck
>
>Thank you for the very rapid response. Impressive!
>
>Can you help me out with a very quick question? I know I have turned
>off performance caching in the past, but right now I can't remember
>where this setting is. Is it an option in JavaMonitor? I see a button
>for Caching enabled but my memory suggests that option I'm looking for
>was identified as Performance Cache. As I recall Performance Caching
>is routinely turned off by WebObjectors as part of a policy of
>discouraging the use of the back button
>
>For the record, I have Caching enabled OFF on the server where the
>problem occurs.
>
>It is set ON on test system where the problem does not occur.
>
>Denis
>
>On 16/12/2004, at 7:18 AM, Chuck Hill wrote:
>
>> For that level of load, I'd have to say that running one instance is
>> the better solution. The change notification systems are not fool
>> proof and you still need to deal with the inevitable inconsistencies.
>> They just reduce the occurrence.
>>
>> Chuck
>>
>>
>> On Dec 15, 2004, at 10:11 AM, Denis Stanton wrote:
>>
>>> Hi Liz
>>>
>>> Thank you for your helpful suggestion.
>>>
>>> You have highlighted something I forgot to mention in my description
>>> of the deployment configuration. There is only one instance
>>> deployed. I know this is unusual, but the application is a
>>> reservations systems for booking a limited number of vehicles. It is
>>> vital that all users stay in synch. The simplest way to keep them
>>> close is to force them to all use the same instance. There are
>>> typically only six to eight sessions running and only ever one
>>> instance. A better solution would be to have some sort of change
>>> announcement system between multiple instances.
>>>
>>> Denis
>>>
>>> On 16/12/2004, at 12:29 AM, Elizabeth Lynch wrote:
>>>
>>>> Denis
>>>>
>>>> I don't have a solution, but here's something to consider. How many
>>>> instances are running on the deployment server? I would bet more
>>>> than one - but probably on your dev system via Apache and of course
>>>> in direct connect you're running only one instance.
>>>>
>>>> Does the problem only affect users logging into different / the same
>>>> instance? Does the problem go away if you reduce the instances on
>>>> the deployment server to one only? (Not ideal in the long term, but
>>>> perhaps a simple test to try).
>>>>
>>>> Liz
>>>>
>>>>
>>>> On 15 Dec 2004, at 10:44, Denis Stanton wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I've found a serious problem with my WebObjects application. It
>>>>> has been running for over a year, but over the last few days users
>>>>> have been reporting that the login name, which is displayed at the
>>>>> top of the window, is actually someone else's, not the one they
>>>>> entered.
>>>>>
>>>>> I didn't believe it but now I've visited the client and seen it for
>>>>> myself. It's worse than they said. The users are actually all
>>>>> being given the same session.
>>>>>
>>>>> When several users log in within a short space of time the first
>>>>> one gets a new session and then the others are given the same
>>>>> session. The results for the application are catastrophic. It
>>>>> handles vehicle reservations with most of the data for a booking
>>>>> being carried in the session class. There are only a small number
>>>>> of users as the application is only used within the company, but
>>>>> when several of the reservations staff are actively editing the
>>>>> same session things get very untidy very quickly.
>>>>>
>>>>> I have done some simple tracing and found that
>>>>> createSessionForRequest(...) is not being called when a new user
>>>>> accesses the web server with the URL
>>>>> http://myserver/cgi-bin/WebObjects/MyApp.woa. It is behaving as if
>>>>> each new user was supplying a URL including an existing session ID.
>>>>> I suppose this is what happens when cookies are used, but I have
>>>>> not put in any code for cookies.
>>>>>
>>>>> It does not happen when I compile and run the application in direct
>>>>> connect mode and it does not seem to happen when I test deploy the
>>>>> application through Apache on my development computer. - Mac OS X
>>>>> 10.3.6, WebObjects 5.2.3
>>>>>
>>>>> It does happen when the application .woa file is copied over to the
>>>>> remote server which is running OS X Server 10.3.6, WebObjects 5.2.3
>>>>>
>>>>> I don't have exclusive control of the server. Is it possible that
>>>>> the administrator has changed the configurations so it is holding
>>>>> the session ID and giving it out to anyone who asks? When I have
>>>>> tested the login procedure I have used multiple tabs in Safari to
>>>>> login with different names, and then tried multiple windows in
>>>>> Safari. I am assured it happens with multiple separate computers,
>>>>> both Mac and Windows. Most of these computers would be on a LAN
>>>>> sharing a DSL connection to the server which is remotely hosted. I
>>>>> am told that even the small group of staff connecting from another
>>>>> city may find they are sharing the same session.
>>>>>
>>>>> Has anybody seen this? It seems to have only happened in the last
>>>>> few days, but I can't imagine what has made it possible.
>>>>>
>>>>> Thank you for reading such a long message.
>>>>>
>>>>> Denis Stanton
>>>>>
>>> Denis Stanton
>>> email@hidden
>>> Home: (09) 533 0391
>>> mobile: 021 1433622
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Webobjects-dev mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>> village.net
>>>
>>> This email sent to email@hidden
>> --
>> Practical WebObjects - a book for intermediate WebObjects developers
>> who want to increase their overall knowledge of WebObjects, or those
>> who are trying to solve specific application development problems.
>> http://www.global-village.net/products/practical_webobjects
>>
>>
>>
>>
>Denis Stanton
>email@hidden
>Home: (09) 533 0391
>mobile: 021 1433622
>Hi Chuck
>
>Thank you for the very rapid response. Impressive!
>
>Can you help me out with a very quick question? I know I have turned off
>performance caching in the past, but right now I can't remember where
>this setting is. Is it an option in JavaMonitor? I see a button for
>Caching enabled but my memory suggests that option I'm looking for was
>identified as Performance Cache. As I recall Performance Caching is
>routinely turned off by WebObjectors as part of a policy of discouraging
>the use of the back button
>
>For the record, I have Caching enabled OFF on the server where the
>problem occurs.
>
>It is set ON on test system where the problem does not occur.
>
>Denis
>
>On 16/12/2004, at 7:18 AM, Chuck Hill wrote:
>
>For that level of load, I'd have to say that running one instance is the
>better solution. The change notification systems are not fool proof and
>you still need to deal with the inevitable inconsistencies. They just
>reduce the occurrence.
>
>Chuck
>
>
>On Dec 15, 2004, at 10:11 AM, Denis Stanton wrote:
>
>Hi Liz
>
>Thank you for your helpful suggestion.
>
>You have highlighted something I forgot to mention in my description of
>the deployment configuration. There is only one instance deployed. I
>know this is unusual, but the application is a reservations systems for
>booking a limited number of vehicles. It is vital that all users stay in
>synch. The simplest way to keep them close is to force them to all use
>the same instance. There are typically only six to eight sessions
>running and only ever one instance. A better solution would be to have
>some sort of change announcement system between multiple instances.
>
>Denis
>
>On 16/12/2004, at 12:29 AM, Elizabeth Lynch wrote:
>
>Denis
>
>I don't have a solution, but here's something to consider. How many
>instances are running on the deployment server? I would bet more than
>one - but probably on your dev system via Apache and of course in direct
>connect you're running only one instance.
>
>Does the problem only affect users logging into different / the same
>instance? Does the problem go away if you reduce the instances on the
>deployment server to one only? (Not ideal in the long term, but perhaps a
>simple test to try).
>
>Liz
>
>
>On 15 Dec 2004, at 10:44, Denis Stanton wrote:
>
>Hi
>
>I've found a serious problem with my WebObjects application. It has been
>running for over a year, but over the last few days users have been
>reporting that the login name, which is displayed at the top of the
>window, is actually someone else's, not the one they entered.
>
>I didn't believe it but now I've visited the client and seen it for
>myself. It's worse than they said. The users are actually all being
>given the same session.
>
>When several users log in within a short space of time the first one gets
>a new session and then the others are given the same session. The
>results for the application are catastrophic. It handles vehicle
>reservations with most of the data for a booking being carried in the
>session class. There are only a small number of users as the application
>is only used within the company, but when several of the reservations
>staff are actively editing the same session things get very untidy very
>quickly.
>
>I have done some simple tracing and found that
>createSessionForRequest(...) is not being called when a new user accesses
>the web server with the URL http://myserver/cgi-bin/WebObjects/MyApp.woa.
> It is behaving as if each new user was supplying a URL including an
>existing session ID. I suppose this is what happens when cookies are
>used, but I have not put in any code for cookies.
>
>It does not happen when I compile and run the application in direct
>connect mode and it does not seem to happen when I test deploy the
>application through Apache on my development computer. - Mac OS X
>10.3.6, WebObjects 5.2.3
>
>It does happen when the application .woa file is copied over to the
>remote server which is running OS X Server 10.3.6, WebObjects 5.2.3
>
>I don't have exclusive control of the server. Is it possible that the
>administrator has changed the configurations so it is holding the session
>ID and giving it out to anyone who asks? When I have tested the login
>procedure I have used multiple tabs in Safari to login with different
>names, and then tried multiple windows in Safari. I am assured it
>happens with multiple separate computers, both Mac and Windows. Most of
>these computers would be on a LAN sharing a DSL connection to the server
>which is remotely hosted. I am told that even the small group of staff
>connecting from another city may find they are sharing the same session.
>
>Has anybody seen this? It seems to have only happened in the last few
>days, but I can't imagine what has made it possible.
>
>Thank you for reading such a long message.
>
>Denis Stanton
>
>Denis Stanton
>email@hidden
>Home: (09) 533 0391
>mobile: 021 1433622
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Webobjects-dev mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>village.net
>
>This email sent to email@hidden
>--
>Practical WebObjects - a book for intermediate WebObjects developers who
>want to increase their overall knowledge of WebObjects, or those who are
>trying to solve specific application development problems.
>http://www.global-village.net/products/practical_webobjects
>
>
>
>
>Denis Stanton
>email@hidden
>Home: (09) 533 0391
>mobile: 021 1433622
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Webobjects-dev mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
____________________________________________
Robert Snyder, Director
World Campus Data Management Services
The Pennsylvania State University
105 Mitchell Building
University Park PA 16802
Phone: 814-865-0912 Fax: 814-865-4406
E-mail: email@hidden
URL: http://www.worldcampus.psu.edu
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden